Original release date: October 19, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
foxitsoftware — foxit_reader | This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit PhantomPDF Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11308. | 2020-10-13 | 7.2 | CVE-2020-17415 N/A N/A |
foxitsoftware — foxit_reader | This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11229. | 2020-10-13 | 7.2 | CVE-2020-17414 N/A N/A |
google — android | In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1. Android ID: A-155288585 | 2020-10-14 | 9.3 | CVE-2020-0416 MISC |
google — android | In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-158833854 | 2020-10-14 | 7.8 | CVE-2020-0377 MISC |
google — android | In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-162383705 | 2020-10-14 | 7.2 | CVE-2020-0420 MISC |
google — android | In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-161894517 | 2020-10-14 | 7.2 | CVE-2020-0421 MISC |
google — android | There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-163008257 | 2020-10-14 | 9.4 | CVE-2020-0283 MISC |
google — android | There is a possible out of bounds read due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-163003156 | 2020-10-14 | 9.4 | CVE-2020-0376 MISC |
google — android | There is a possible out of bounds read due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-163008256 | 2020-10-14 | 9.4 | CVE-2020-0371 MISC |
google — android | There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-162980455 | 2020-10-14 | 9.4 | CVE-2020-0367 MISC |
google — android | There is a possible out of bounds read due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-162980705 | 2020-10-14 | 9.4 | CVE-2020-0339 MISC |
google — android | In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-156999009 | 2020-10-14 | 7.2 | CVE-2020-0408 MISC |
huawei — p30_pro_firmware | HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker can craft a malformed message with a specific parameter and send the message to the affected products. Because the message is insufficiently validated, this may be exploited to cause the process to reboot. | 2020-10-12 | 7.1 | CVE-2020-9108 MISC |
huawei — p30_pro_firmware | HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker can craft a malformed message with a specific parameter and send the message to the affected products. Because the message is insufficiently validated, this may be exploited to cause the process to reboot. | 2020-10-12 | 7.1 | CVE-2020-9107 MISC |
ibm — cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted Excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610. | 2020-10-12 | 9.3 | CVE-2020-4302 XF CONFIRM |
ibm — security_guardium | IBM Security Guardium 11.2 is vulnerable to CSV injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 186696. | 2020-10-12 | 8.5 | CVE-2020-4689 XF CONFIRM |
lenovo — diagnostics | A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | 2020-10-14 | 7.2 | CVE-2020-8338 MISC |
netgear — d6200_firmware | Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R69002 before 1.2.0.62, and WNR2020 before 1.1.0.62. | 2020-10-09 | 10 | CVE-2020-26908 MISC |
netgear — d7800_firmware | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48. | 2020-10-09 | 8.3 | CVE-2020-26909 MISC |
netgear — rbk752_firmware | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-10-09 | 8.3 | CVE-2020-26902 MISC |
netgear — rbk852_firmware | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. | 2020-10-09 | 7.7 | CVE-2020-26907 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — fineract | The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in Fineract Jira issues 726 and 629. | 2020-10-13 | 5 | CVE-2018-20243 MISC |
foxitsoftware — 3d | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11226. | 2020-10-13 | 6.8 | CVE-2020-17413 N/A N/A |
foxitsoftware — 3d | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11224. | 2020-10-13 | 6.8 | CVE-2020-17412 N/A N/A |
foxitsoftware — 3d | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11190. | 2020-10-13 | 4.3 | CVE-2020-17411 N/A N/A |
foxitsoftware — foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11135. | 2020-10-13 | 6.8 | CVE-2020-17410 N/A N/A |
garfield_petshop_project — garfield_petshop | A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts. | 2020-10-09 | 6.8 | CVE-2020-26522 MISC MISC MISC MISC |
google — android | In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. This could lead to local information disclosure of EID data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-159062405 | 2020-10-14 | 4.9 | CVE-2020-0246 MISC |
google — android | In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-142641801 | 2020-10-14 | 4.3 | CVE-2020-0411 MISC |
google — android | In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-158778659 | 2020-10-14 | 5 | CVE-2020-0413 MISC |
google — android | In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-10. Android ID: A-153356561 | 2020-10-14 | 4.9 | CVE-2020-0400 MISC |
google — android | In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11. Android ID: A-157748906 | 2020-10-14 | 4.9 | CVE-2020-0378 MISC |
google — android | In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-154323381 | 2020-10-14 | 4.9 | CVE-2020-0398 MISC |
google — android | In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-137284057 | 2020-10-14 | 4.6 | CVE-2019-2194 MISC |
google — android | In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-157708122 | 2020-10-14 | 4.3 | CVE-2020-0414 MISC |
huawei — fusionaccess | FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privileges can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. | 2020-10-12 | 4.6 | CVE-2020-9090 MISC |
ibm — cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet, also exposing debug information that could be used in future attacks. IBM X-Force ID: 179270. | 2020-10-12 | 6.4 | CVE-2020-4388 XF CONFIRM |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 188150. | 2020-10-12 | 4.3 | CVE-2020-4740 XF CONFIRM |
ibm — security_guardium | IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423. | 2020-10-12 | 4 | CVE-2020-4678 XF CONFIRM |
linux — linux_kernel | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | 2020-10-13 | 5 | CVE-2020-25645 SUSE MISC |
netgear — cbr40_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-10-09 | 5.2 | CVE-2020-26910 MISC |
netgear — cbr40_firmware | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | 5.8 | CVE-2020-26928 MISC |
netgear — cbr40_firmware | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | 5.8 | CVE-2020-26926 MISC |
netgear — d6100_firmware | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, SRK60 before 2.2.2.20, SRR60 before 2.2.2.20, SRS60 before 2.2.2.20, WN3000RPv2 before 1.0.0.78, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.70, XR450 before 2.3.2.40, and XR500 before 2.3.2.40. | 2020-10-09 | 5.2 | CVE-2020-26913 MISC |
netgear — d6200_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. | 2020-10-09 | 5.2 | CVE-2020-26914 MISC |
netgear — d6200_firmware | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.50, and WNR2020 before 1.1.0.62. | 2020-10-09 | 5.8 | CVE-2020-26916 MISC |
netgear — d6200_firmware | Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. | 2020-10-09 | 5.8 | CVE-2020-26911 MISC |
netgear — d6200_firmware | Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. | 2020-10-09 | 6.8 | CVE-2020-26912 MISC |
netgear — ex7700_firmware | NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings. | 2020-10-09 | 5.5 | CVE-2020-26930 MISC |
netgear — gs110emx_firmware | Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3. | 2020-10-09 | 5.8 | CVE-2020-26921 MISC |
netgear — r6230_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100. | 2020-10-09 | 5.2 | CVE-2020-26929 MISC |
netgear — srk60_firmware | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110. | 2020-10-09 | 5.8 | CVE-2020-26920 MISC |
netgear — wc7500_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | 2020-10-09 | 4.6 | CVE-2020-26922 MISC |
onwebchat — live_chat_-_live_support | Cross-site request forgery (CSRF) vulnerability in Live Chat – Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2020-10-15 | 6.8 | CVE-2020-5642 MISC MISC MISC |
webmin — webmin | XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email. | 2020-10-12 | 4.3 | CVE-2020-12670 CONFIRM |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google — android | In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11. Android ID: A-156021269 | 2020-10-14 | 2.1 | CVE-2020-0410 MISC |
google — android | In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1. Android ID: A-156020795 | 2020-10-14 | 2.1 | CVE-2020-0415 MISC |
google — android | In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-142125338 | 2020-10-14 | 2.1 | CVE-2020-0419 MISC |
google — android | In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-161718556 | 2020-10-14 | 2.1 | CVE-2020-0422 MISC |
google — android | In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9. Android ID: A-160390416 | 2020-10-14 | 2.1 | CVE-2020-0412 MISC |
huawei — hirouter-cd30-10_firmware | Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause abnormal service on affected devices. Affected product versions include: HiRouter-CD30-10 version 10.0.2.5; HiRouter-CT31-10 version 10.0.2.20; WS5200-12 version 10.0.1.9; WS5281-10 version 10.0.5.10; WS5800-10 version 10.0.3.25; WS7100-10 version 10.0.5.21; WS7200-10 version 10.0.5.21. | 2020-10-12 | 3.3 | CVE-2020-9122 MISC |
huawei — p30_pro_firmware | HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathnames; a successful exploit could allow the attacker to access files and cause information disclosure. | 2020-10-12 | 2.1 | CVE-2020-9106 MISC |
huawei — taurus-al00a_firmware | Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in the XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Because the parameters are insufficiently validated, this may be exploited to cause an information leak. | 2020-10-12 | 2.1 | CVE-2020-9087 MISC |
huawei — taurus-an00b_firmware | Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending a specific request. This could compromise normal service of the affected device. | 2020-10-12 | 3.3 | CVE-2020-9238 MISC |
huawei — taurus-an00b_firmware | Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending a specific request. This could compromise normal service of the affected device. | 2020-10-12 | 2.1 | CVE-2020-9240 MISC |
huawei — taurus-an00b_firmware | Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of the device in a certain specific scenario; the attacker can gain information in the victim’s smartphone to launch the attack, and a successful exploit could cause information disclosure. | 2020-10-12 | 2.1 | CVE-2020-9110 MISC |
huawei — taurus-an00b_firmware | Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending a specific request. This could compromise normal service of the affected device. | 2020-10-12 | 2.1 | CVE-2020-9091 MISC |
huawei — ws5800-10_firmware | WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due to improper verification of a specific message, an attacker may exploit this vulnerability to cause a specific function to become abnormal. | 2020-10-12 | 3.3 | CVE-2020-9230 MISC |
ibm — curam_social_program_management | A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user’s device, restricted to a single location. IBM X-Force ID: 189153. | 2020-10-12 | 3.5 | CVE-2020-4775 XF CONFIRM |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188197. | 2020-10-12 | 3.5 | CVE-2020-4741 XF CONFIRM |
ibm — security_guardium | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424. | 2020-10-12 | 3.5 | CVE-2020-4679 XF CONFIRM |
ibm — security_guardium | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427. | 2020-10-12 | 3.5 | CVE-2020-4681 XF CONFIRM |
ibm — security_guardium | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426. | 2020-10-12 | 3.5 | CVE-2020-4680 XF CONFIRM |
netgear — cbr40_firmware | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | 3.3 | CVE-2020-26905 MISC |
netgear — cbr40_firmware | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | 3.3 | CVE-2020-26904 MISC |
netgear — cbr40_firmware | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | 3.3 | CVE-2020-26903 MISC |
netgear — cbr40_firmware | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-10-09 | 3.3 | CVE-2020-26900 MISC |
netgear — cbr40_firmware | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | 2020-10-09 | 3.3 | CVE-2020-26899 MISC |
netgear — d7800_firmware | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | 2020-10-09 | 3.5 | CVE-2020-26915 MISC |
netgear — ex7000_firmware | Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. | 2020-10-09 | 3.5 | CVE-2020-26917 MISC |
netgear — gs808e_firmware | NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service. | 2020-10-09 | 2.1 | CVE-2020-26925 MISC |
netgear — rbk752_firmware | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-10-09 | 3.3 | CVE-2020-26901 MISC |
netgear — wc7500_firmware | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | 2020-10-09 | 3.3 | CVE-2020-26931 MISC |
netgear — wc7500_firmware | Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | 2020-10-09 | 3.5 | CVE-2020-26923 MISC |
webmin — webmin | An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users. | 2020-10-12 | 3.5 |
CVE-2020-8821 MISC |
webmin — webmin | An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. | 2020-10-12 | 3.5 |
CVE-2020-8820 CONFIRM |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — flash_player |
Adobe Flash Player versions 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. | 2020-10-14 | not yet calculated |
CVE-2020-9746 MISC |
adobe — magento |
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file. | 2020-10-16 | not yet calculated |
CVE-2020-24408 MISC |
amazon — aws_firecracker |
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host. | 2020-10-16 | not yet calculated |
CVE-2020-27174 MISC MISC MISC |
amd — multiple_graphics_drivers |
A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account. | 2020-10-13 | not yet calculated |
CVE-2020-12933 MISC |
amd — multiple_graphics_drivers |
A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. | 2020-10-13 | not yet calculated |
CVE-2020-12911 MISC |
amd — ryzen_master |
A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. | 2020-10-13 | not yet calculated |
CVE-2020-12928 MISC |
anuko — time_tracker |
In Anuko Time Tracker before version 1.19.23.5325, due to improperly filtered user input, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325. | 2020-10-16 | not yet calculated |
CVE-2020-15255 MISC CONFIRM |
apache — solr |
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that’s uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. | 2020-10-13 | not yet calculated |
CVE-2020-13957 MLIST MISC |
apache — tomcat |
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers – including HTTP/2 pseudo headers – from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. | 2020-10-12 | not yet calculated |
CVE-2020-13943 MISC MLIST CONFIRM |
apereo — cas |
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. | 2020-10-16 | not yet calculated |
CVE-2020-27178 MISC |
apple — ios_and_ipados |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory. | 2020-10-16 | not yet calculated |
CVE-2020-9958 MISC |
apple — ios_and_ipados |
This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service. | 2020-10-16 | not yet calculated |
CVE-2020-9917 MISC |
apple — ios_and_ipados |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory. | 2020-10-16 | not yet calculated |
CVE-2020-9964 MISC |
apple — ios_and_ipados |
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination. | 2020-10-16 | not yet calculated |
CVE-2020-9931 MISC |
apple — ios_and_ipados |
A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. | 2020-10-16 | not yet calculated |
CVE-2020-9959 MISC |
apple — macos_catalina | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. | 2020-10-16 | not yet calculated |
CVE-2020-9799 MISC |
apple — macos_catalina |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-16 | not yet calculated |
CVE-2020-9864 MISC |
apple — macos_catalina |
This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information. | 2020-10-16 | not yet calculated |
CVE-2020-9913 MISC |
apple — multiple_products | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9878 MISC MISC MISC |
apple — multiple_products | An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group. | 2020-10-16 | not yet calculated |
CVE-2020-9885 MISC MISC MISC MISC |
apple — multiple_products | An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform a denial of service attack using malformed Bluetooth packets. | 2020-10-16 | not yet calculated |
CVE-2020-9914 MISC MISC |
apple — multiple_products | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9893 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox. | 2020-10-16 | not yet calculated |
CVE-2020-9865 MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9888 MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network. | 2020-10-16 | not yet calculated |
CVE-2020-9992 MISC MISC |
apple — multiple_products |
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. | 2020-10-16 | not yet calculated |
CVE-2020-9934 MISC MISC |
apple — multiple_products |
Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | 2020-10-16 | not yet calculated |
CVE-2020-9910 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | 2020-10-16 | not yet calculated |
CVE-2020-9909 MISC MISC MISC |
apple — multiple_products |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9895 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | 2020-10-16 | not yet calculated |
CVE-2020-9915 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges. | 2020-10-16 | not yet calculated |
CVE-2020-9923 MISC MISC |
apple — multiple_products |
An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information. | 2020-10-16 | not yet calculated |
CVE-2020-9933 MISC MISC MISC |
apple — multiple_products |
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. | 2020-10-16 | not yet calculated |
CVE-2020-9952 MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. | 2020-10-16 | not yet calculated |
CVE-2020-9925 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | 2020-10-16 | not yet calculated |
CVE-2020-9918 MISC MISC MISC MISC |
apple — multiple_products |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain. | 2020-10-16 | not yet calculated |
CVE-2020-9903 MISC MISC |
apple — multiple_products |
A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. | 2020-10-16 | not yet calculated |
CVE-2020-9862 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-16 | not yet calculated |
CVE-2020-9907 MISC MISC |
apple — multiple_products |
A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. | 2020-10-16 | not yet calculated |
CVE-2020-9916 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period. | 2020-10-16 | not yet calculated |
CVE-2020-9946 MISC MISC |
apple — multiple_products |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9884 MISC |
apple — multiple_products |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9936 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code. | 2020-10-16 | not yet calculated |
CVE-2020-9870 MISC MISC MISC |
apple — multiple_products |
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information. | 2020-10-16 | not yet calculated |
CVE-2020-9976 MISC MISC MISC |
apple — multiple_products |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy. | 2020-10-16 | not yet calculated |
CVE-2020-9911 MISC MISC |
apple — multiple_products |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9894 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files. | 2020-10-16 | not yet calculated |
CVE-2020-9968 MISC MISC MISC MISC |
apple — multiple_products |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9889 MISC MISC MISC MISC |
apple — multiple_products |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9890 MISC MISC MISC MISC |
apple — multiple_products |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9891 MISC MISC MISC MISC |
apple — safari |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9983 MISC |
apple — safari |
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9948 MISC |
apple — safari |
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-16 | not yet calculated |
CVE-2020-9951 MISC |
apple — safari |
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode. | 2020-10-16 | not yet calculated |
CVE-2020-9912 MISC |
aptean — product_configurator |
An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A time-based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly and remotely. | 2020-10-16 | not yet calculated |
CVE-2020-26944 MISC MISC |
arc_informatique — pcvue | A Denial Of Service vulnerability exists in PcVue from version 8.10 onward, due to the ability for a non-authorized user to modify information used to validate messages sent by legitimate web clients. | 2020-10-12 | not yet calculated |
CVE-2020-26868 MISC |
arc_informatique — pcvue |
A Remote Code Execution vulnerability exists in PcVue from version 8.10 onward, due to the unsafe deserialization of messages received on the interface. | 2020-10-12 | not yet calculated |
CVE-2020-26867 MISC |
arc_informatique — pcvue |
An information exposure vulnerability exists in PcVue 12, allowing a non-authorized user to access session data of legitimate users. | 2020-10-12 | not yet calculated |
CVE-2020-26869 MISC |
atlassian — jira_server |
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1. | 2020-10-12 | not yet calculated |
CVE-2020-14184 MISC |
atlassian — jira_server |
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2. | 2020-10-15 | not yet calculated |
CVE-2020-14185 MISC |
b&r — automation_runtime |
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition. | 2020-10-15 | not yet calculated |
CVE-2020-11637 MISC |
b&r — gatemanager_4260_and_9250 |
A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users. | 2020-10-15 | not yet calculated |
CVE-2020-11646 MISC |
b&r — gatemanager_4260_and_9250 |
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains. | 2020-10-15 | not yet calculated |
CVE-2020-11643 MISC |
b&r — gatemanager_4260_and_9250_and_8250 |
A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances. | 2020-10-15 | not yet calculated |
CVE-2020-11645 MISC |
b&r — gatemanager_4260_and_9250_and_8250 |
The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages. | 2020-10-15 | not yet calculated |
CVE-2020-11644 MISC |
b&r — sitemanager |
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. | 2020-10-15 | not yet calculated |
CVE-2020-11642 MISC |
b&r — sitemanager |
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances. | 2020-10-15 | not yet calculated |
CVE-2020-11641 MISC |
bass — audio_library |
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive. | 2020-10-16 | not yet calculated |
CVE-2019-18796 MISC MISC |
bass — audio_library |
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. | 2020-10-16 | not yet calculated |
CVE-2019-18794 MISC MISC |
bass — audio_library |
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. | 2020-10-16 | not yet calculated |
CVE-2019-18795 MISC MISC |
bass — audio_library |
The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service. | 2020-10-16 | not yet calculated |
CVE-2019-19513 MISC MISC |
bender — comtraxx |
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0. | 2020-10-16 | not yet calculated |
CVE-2019-19885 MISC |
blackberry — uem_core |
An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service. | 2020-10-14 | not yet calculated |
CVE-2020-6933 MISC |
bluez — bluez |
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. | 2020-10-15 | not yet calculated |
CVE-2020-27153 MISC MISC MISC |
canimaan_software — clamxav |
An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3’s helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool. | 2020-10-16 | not yet calculated |
CVE-2020-26893 MISC |
cisco — duo_authentication |
A privilege escalation vulnerability exists in the Duo Authentication for Windows Logon and RDP implementation. This vulnerability could allow an authenticated local attacker to overwrite files in privileged directories. | 2020-10-14 | not yet calculated |
CVE-2020-3427 CISCO |
cisco — duo_network_gateway |
Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG host. Any private keys logged in this way could be viewed by those with access to the DNG host operating system without any need for reversing encrypted values or similar techniques. An attacker who gained access to the DNG logs and had the ability to intercept and manipulate network traffic between a user and the DNG could decrypt and manipulate SSL/TLS connections to the DNG and to the protected applications behind it. Duo Network Gateway (DNG) versions 1.3.3 through 1.5.7 are affected. | 2020-10-14 | not yet calculated |
CVE-2020-3483 CISCO |
containerd — containerd |
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user’s username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. | 2020-10-16 | not yet calculated |
CVE-2020-15157 MISC CONFIRM |
crossbeam — crossbeam |
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that is the same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumption described above. This is unsound and causes deallocation with the incorrect capacity when `Vec::from_iter` has allocated a size different from the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4. | 2020-10-16 | not yet calculated |
CVE-2020-15254 MISC MISC CONFIRM MISC |
dca — vantage_analyzer |
A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow an attacker to read and/or modify the onboard database. Successful exploitation requires direct physical access to the device. | 2020-10-13 | not yet calculated |
CVE-2020-7590 MISC |
dca — vantage_analyzer |
A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (“kiosk mode”) and access the underlying operating system. Successful exploitation requires direct physical access to the system. | 2020-10-13 | not yet calculated |
CVE-2020-15797 MISC |
debian — sympa |
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group). | 2020-10-10 | not yet calculated |
CVE-2020-26932 MISC MISC |
dell — emc_networker |
Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform ‘saveset’ related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP. | 2020-10-16 | not yet calculated |
CVE-2020-26182 CONFIRM |
dell — emc_networker |
Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform ‘nsrmmdbd’ operations in an unintended manner. | 2020-10-16 | not yet calculated |
CVE-2020-26183 CONFIRM |
desigo — insight |
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system. | 2020-10-15 | not yet calculated |
CVE-2020-15794 MISC |
desigo — insight |
A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack. | 2020-10-15 | not yet calculated |
CVE-2020-15792 MISC |
desigo — insight |
A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user into clicking on a website controlled by the attacker. | 2020-10-15 | not yet calculated |
CVE-2020-15793 MISC |
eclipse — vert |
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn’t correctly process backslashes on Windows operating systems, allowing escape from the webroot folder to the current working directory. | 2020-10-15 | not yet calculated |
CVE-2019-17640 CONFIRM |
electron — wire |
In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victim’s machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL’s protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed. The issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory. | 2020-10-16 | not yet calculated |
CVE-2020-15258 MISC MISC CONFIRM |
emby — emby_server |
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. | 2020-10-10 | not yet calculated |
CVE-2020-26948 MISC MISC |
excast — pro_ii |
In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device. | 2020-10-16 | not yet calculated |
CVE-2019-12305 MISC |
excellium — helpdeskz |
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-10-12 | not yet calculated |
CVE-2020-26546 MISC |
f2fs-tools — f2fs-tools | An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an information overwrite resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2020-10-15 | not yet calculated |
CVE-2020-6105 MISC |
f2fs-tools — f2fs-tools |
An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | 2020-10-15 | not yet calculated |
CVE-2020-6104 MISC |
f2fs-tools — f2fs-tools |
An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability. | 2020-10-15 | not yet calculated |
CVE-2020-6106 MISC |
f2fs-tools — f2fs-tools |
An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2020-10-15 | not yet calculated |
CVE-2020-6108 MISC |
f2fs-tools — f2fs-tools |
An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | 2020-10-15 | not yet calculated |
CVE-2020-6107 MISC |
foxit — reader |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11657. | 2020-10-13 | not yet calculated |
CVE-2020-17417 N/A N/A |
foxit — reader |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11497. | 2020-10-13 | not yet calculated |
CVE-2020-17416 N/A N/A |
gitea — gitea |
The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution. | 2020-10-16 | not yet calculated |
CVE-2020-14144 MISC MISC MISC |
gitlab — gitlab |
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions. | 2020-10-12 | not yet calculated |
CVE-2020-13341 CONFIRM MISC MISC |
gogs — gogs |
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. | 2020-10-16 | not yet calculated |
CVE-2020-15867 MISC |
google — android |
In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-161151868. References: N/A | 2020-10-14 | not yet calculated |
CVE-2020-0423 MISC |
google — android |
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android’s download manager and detects if the downloaded file’s url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral’s servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background). | 2020-10-15 | not yet calculated |
CVE-2020-7744 MISC MISC MISC |
grocy — grocy |
Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product groups, recipes and products. Authentication is required to exploit these issues and Grocy should not be publicly exposed. The linked reference details a proof-of-concept. | 2020-10-14 | not yet calculated |
CVE-2020-15253 MISC MISC MISC CONFIRM |
huawei — mate_20_devices |
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of a smart wearable device in a certain specific scenario. The attacker needs to gain certain information in the victim’s smartphone to launch the attack, and a successful exploit could cause information disclosure. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), versions earlier than 10.1.0.160(C01E160R2P8); HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8), versions earlier than 10.1.0.160(C01E160R2P8); HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8); Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8); Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11); Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11). | 2020-10-12 | not yet calculated |
CVE-2020-9109 MISC |
huawei — p30_pro_devices |
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining the root permission. Successful exploit may cause code execution. | 2020-10-12 | not yet calculated |
CVE-2020-9123 MISC |
ibm — curam_social_program_management |
An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159. | 2020-10-12 | not yet calculated |
CVE-2020-4781 XF CONFIRM |
ibm — curam_social_program_management |
An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152. | 2020-10-12 | not yet calculated |
CVE-2020-4774 XF CONFIRM |
ibm — curam_social_program_management |
An HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156. | 2020-10-12 | not yet calculated |
CVE-2020-4779 XF CONFIRM |
ibm — curam_social_program_management |
A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151. | 2020-10-12 | not yet calculated |
CVE-2020-4773 XF CONFIRM |
ibm — curam_social_program_management |
OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. The purpose of the ‘secure’ attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158. | 2020-10-12 | not yet calculated |
CVE-2020-4780 XF CONFIRM |
ibm — curam_social_program_management |
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, cause a denial of service, perform server-side request forgery or consume memory resources. IBM X-Force ID: 189150. | 2020-10-12 | not yet calculated |
CVE-2020-4772 XF CONFIRM |
ibm — curam_social_program_management |
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156. | 2020-10-12 | not yet calculated |
CVE-2020-4778 XF CONFIRM |
ibm — curam_social_program_management |
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154. | 2020-10-12 | not yet calculated |
CVE-2020-4776 XF CONFIRM |
ibm — resilient_onprem |
IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. | 2020-10-16 | not yet calculated |
CVE-2020-4636 XF CONFIRM |
ibm — security_access_manager |
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358. | 2020-10-14 | not yet calculated |
CVE-2020-4395 XF CONFIRM |
ibm — security_access_manager_and_security_verify_access |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. | 2020-10-12 | not yet calculated |
CVE-2020-4699 XF CONFIRM |
ibm — security_access_manager_and_security_verify_access |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public OAuth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. | 2020-10-15 | not yet calculated |
CVE-2020-4499 XF CONFIRM |
ibm — security_access_manager_and_security_verify_access |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. | 2020-10-12 | not yet calculated |
CVE-2020-4661 XF CONFIRM |
ibm — security_access_manager_and_security_verify_access |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. | 2020-10-12 | not yet calculated |
CVE-2020-4660 XF CONFIRM |
ibm — security_access_manager_and_security_verify_access |
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. | 2020-10-15 | not yet calculated |
CVE-2019-4552 XF CONFIRM |
ibm — security_guardium_big_data_intelligence |
IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560. | 2020-10-16 | not yet calculated |
CVE-2020-4254 XF CONFIRM |
iproom — mmc+_server |
IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim’s login credentials. | 2020-10-14 | not yet calculated |
CVE-2020-24551 MISC |
jfrog — artifactory |
JFrog Artifactory uses default passwords (such as “password”) for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise JFrog Artifactory. This issue affects JFrog Artifactory versions prior to 6.17.0. | 2020-10-12 | not yet calculated |
CVE-2019-17444 MISC MISC |
juniper_networks — ex2300_series_devices |
On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. This issue occurs when multicast packets are received by the layer 2 interface. To check if the device has high CPU load due to this issue, the administrator can issue the following command: user@host> show chassis routing-engine Routing Engine status: … Idle 2 percent the “Idle” value shows as low (2 % in the example above), and also the following command: user@host> show system processes summary … PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 11639 root 52 0 283M 11296K select 12:15 44.97% eventd 11803 root 81 0 719M 239M RUN 251:12 31.98% fxpc{fxpc} the eventd and the fxpc processes might use higher WCPU percentage (respectively 44.97% and 31.98% in the above example). This issue affects Juniper Networks Junos OS on EX2300 Series: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. | 2020-10-16 | not yet calculated |
CVE-2020-1668 CONFIRM |
juniper_networks — ex4300_series_devices |
On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issues and traffic interruption. These specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS on EX4300 series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S3, 20.1R2. | 2020-10-16 | not yet calculated |
CVE-2020-1670 MISC |
juniper_networks — ex4600_and_qfx_5000_series_devices |
When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to: family ethernet-switching { filter L2-VLAN { term ALLOW { from { user-vlan-id 100; } then { accept; } } term NON-MATCH { then { discard; } } when there is only one term containing a ‘user-vlan-id’ match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under ‘user-vlan-id’. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. | 2020-10-16 | not yet calculated |
CVE-2020-1685 CONFIRM |
juniper_networks — junos_mx_series_devices |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing “URL Filtering service”, can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. | 2020-10-16 | not yet calculated |
CVE-2020-1667 MISC |
juniper_networks — junos_os |
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Versions of Junos OS prior to 17.3 are unaffected by this vulnerability. | 2020-10-16 | not yet calculated |
CVE-2020-1664 CONFIRM |
juniper_networks — junos_os |
Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user’s HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. | 2020-10-16 | not yet calculated |
CVE-2020-1673 CONFIRM |
juniper_networks — junos_os |
Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Per the specification, called the “bounded receive delay”, there should be no replies to delayed MACsec packets. Any MACsec traffic delayed more than 2 seconds should be dropped and late drop counters should increment. Without MACsec delay protection, an attacker could exploit the delay to spoof or decrypt packets. This issue affects: Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8, 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: all versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R2-EVO. This issue does not affect Junos OS versions prior to 16.1R1. | 2020-10-16 | not yet calculated |
CVE-2020-1674 MISC CONFIRM MISC |
juniper_networks — junos_os |
On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue can be triggered only by DHCPv4, it cannot be triggered by DHCPv6. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 14.1X53 versions prior to 14.1X53-D60 on EX and QFX Series; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230 on SRX Series; 15.1X53 versions prior to 15.1X53-D593 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S5. | 2020-10-16 | not yet calculated |
CVE-2020-1661 CONFIRM |
juniper_networks — junos_os |
On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. Only DHCPv6 packets can trigger this issue. DHCPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. | 2020-10-16 | not yet calculated |
CVE-2020-1672 CONFIRM |
juniper_networks — junos_os |
The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHCPv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices are also configured to relay DHCP packets, and are not affected by this issue and simply transparently forward unprocessed client DHCPv6 messages, then the attack vector can be a Network-based attack, instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service, will not result in exploitability of this issue. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2. | 2020-10-16 | not yet calculated |
CVE-2020-1656 CONFIRM MISC MISC MISC |
juniper_networks — junos_os |
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. This issue only affects DHCPv6, it does not affect DHCPv4. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.2 version 19.2R2 and later versions; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; This issue does not affect Juniper Networks Junos OS prior to 17.4R1. | 2020-10-16 | not yet calculated |
CVE-2020-1671 CONFIRM |
juniper_networks — junos_os_and_junos_os_evolved |
On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the “show task memory detail | match policy | match evpn” command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ———————— Allocator Memory Report ———————— Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device> show task memory detail | match policy | match evpn ———————— Allocator Memory Report ———————— Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO. | 2020-10-16 | not yet calculated |
CVE-2020-1678 CONFIRM |
juniper_networks — junos_os_and_junos_os_evolved_devices |
On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3. | 2020-10-16 | not yet calculated |
CVE-2020-1662 CONFIRM |
juniper_networks — junos_os_devices |
On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be triggered by a malformed IPv6 packet destined to the Routing Engine or a transit packet that is sampled using sFlow/jFlow or processed by firewall filter with the syslog and/or log action. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1. | 2020-10-16 | not yet calculated |
CVE-2020-1686 CONFIRM |
juniper_networks — junos_os_devices |
On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of the following command to check if there is memory leak caused by this issue: user@device> show system virtual-memory | match “pfe_ipc|kmem” pfe_ipc 147 5K – 164352 16,32,64,8192 <– increasing vm.kmem_map_free: 127246336 <– decreasing pfe_ipc 0 0K – 18598 32,8192 vm.kmem_map_free: 134582272 This issue affects Juniper Networks Junos OS: 17.4R3; 18.1 version 18.1R3-S5 and later versions prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions prior to 18.2R3-S3; 18.2X75 version 18.2X75-D420, 18.2X75-D50 and later versions prior to 18.2X75-D430, 18.2X75-D53, 18.2X75-D60; 18.3 version 18.3R3 and later versions prior to 18.3R3-S2; 18.4 version 18.4R1-S4, 18.4R2 and later versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 version 19.1R2 and later versions prior to 19.1R2-S2, 19.1R3; 19.2 version 19.2R1 and later versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 17.4R3. | 2020-10-16 | not yet calculated |
CVE-2020-1683 CONFIRM |
juniper_networks — junos_os_evolved |
The system console configuration option ‘log-out-on-disconnect’ in Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO. | 2020-10-16 | not yet calculated |
CVE-2020-1666 CONFIRM |
juniper_networks — junos_os_evolved |
Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but continuous receipt of the malformed NDP packets could lead to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by, this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability. | 2020-10-16 | not yet calculated |
CVE-2020-1681 CONFIRM |
juniper_networks — mist_cloud_ui |
When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. | 2020-10-16 | not yet calculated |
CVE-2020-1676 CONFIRM |
juniper_networks — multiple_junos_os_devices | On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. This issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment. The offending layer 2 frames that cause the issue originate from a different access switch that get encapsulated within the same EVPN-VXLAN domain. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. | 2020-10-16 | not yet calculated |
CVE-2020-1687 CONFIRM |
juniper_networks — multiple_junos_os_devices |
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. The offending layer 2 frame packets can originate only from within the broadcast domain where the device is connected. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. | 2020-10-16 | not yet calculated |
CVE-2020-1689 CONFIRM |
juniper_networks — multiple_junos_os_devices |
An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, and vSRX-based platforms. No other products or platforms are affected by this vulnerability. This issue affects the following versions of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200, vSRX, NFX150: 15.1X49 versions prior to 15.1X49-D220; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3. This issue does not affect Junos OS 19.3 or any subsequent version. | 2020-10-16 | not yet calculated |
CVE-2020-1682 CONFIRM |
juniper_networks — mx_series_and_ex9200_series_devices |
On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take effect when it reaches the threshold condition. The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic. This issue does not affect IPv4 DDoS protection. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX series and EX9200 Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2. | 2020-10-16 | not yet calculated |
CVE-2020-1665 CONFIRM MISC |
juniper_networks — mx_series_devices |
On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. An unauthenticated attacker can continuously send crafted IPv6 packets through the device causing repetitive MS-PIC process crashes, resulting in an extended Denial of Service condition. This issue affects Juniper Networks Junos OS on MX Series: 15.1 versions prior to 15.1R7-S7; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2. | 2020-10-16 | not yet calculated |
CVE-2020-1680 CONFIRM |
juniper_networks — mx_series_devices |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing “URL Filtering service”, may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. | 2020-10-16 | not yet calculated |
CVE-2020-1660 CONFIRM |
juniper_networks — nfx350_devices |
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2. | 2020-10-16 | not yet calculated |
CVE-2020-1669 CONFIRM |
juniper_networks — ptx/qfx_series_devices |
On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronizes the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when the KRT queue becomes stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check whether the KRT queue is stuck: user@device > show krt state … Number of async queue entries: 65007 <— this value keep on increasing. When this issue occurs, the following message might appear in the /var/log/messages: DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (7297134592) Current delayed unref = (60000), Current unique delayed unref = (18420), Max delayed unref on this platform = (40000) Current delayed weight unref = (60000) Max delayed weight unref on this platform= (400000) curproc = rpd This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. | 2020-10-16 | not yet calculated |
CVE-2020-1679 CONFIRM |
juniper_networks — srx_series_and_nfx_series_devices |
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obtain user identity for Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature. This issue affects Juniper Networks Junos OS on Networks SRX Series and NFX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D190; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2. | 2020-10-16 | not yet calculated |
CVE-2020-1688 MISC CONFIRM MISC MISC MISC |
juniper_networks — srx_series_devices |
On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2. This issue does not affect 12.3 or 15.1 releases which are non-SRX Series releases. | 2020-10-16 | not yet calculated |
CVE-2020-1657 CONFIRM |
juniper_networks — srx_series_devices |
On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2. | 2020-10-16 | not yet calculated |
CVE-2020-1684 CONFIRM |
junit — junit4 |
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system’s temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory. | 2020-10-12 | not yet calculated |
CVE-2020-15250 MISC MISC MISC CONFIRM MISC MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
lcds — laquis_scada |
An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). | 2020-10-14 | not yet calculated |
CVE-2020-25188 MISC MISC |
lenovo — cloud_networking_operating_system |
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL. | 2020-10-14 | not yet calculated |
CVE-2020-8349 MISC |
lenovo — hardwarescan_plugin |
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. | 2020-10-14 | not yet calculated |
CVE-2020-8345 MISC |
lenovo — multiple_devices |
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected. | 2020-10-14 | not yet calculated |
CVE-2020-8332 MISC |
lenovo — thinkpad_stack_wireless_router |
An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. | 2020-10-14 | not yet calculated |
CVE-2020-8350 MISC |
libarchive — libarchive |
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting in a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product’s official releases are unaffected. | 2020-10-15 | not yet calculated |
CVE-2020-21674 MISC MISC |
libass — libass |
In libass 0.14.0, the `ass_outline_construct`’s call to `outline_stroke` causes a signed integer overflow. | 2020-10-16 | not yet calculated |
CVE-2020-26682 MISC MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. | 2020-10-16 | not yet calculated |
CVE-2020-27194 MISC MISC |
mark_text — mark_text |
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the “source code mode” feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product. | 2020-10-16 | not yet calculated |
CVE-2020-27176 MISC |
mcafee — active_response |
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed | 2020-10-15 | not yet calculated |
CVE-2020-7326 CONFIRM |
mcafee — application_and_change_control |
Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software. | 2020-10-15 | not yet calculated |
CVE-2020-7334 CONFIRM |
mcafee — epolicy_orchistrator |
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for “syncPointList” not being correctly sanitised. | 2020-10-14 | not yet calculated |
CVE-2020-7318 MISC |
mcafee — epolicy_orchistrator |
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for “syncPointList” not being correctly sanitised. | 2020-10-14 | not yet calculated |
CVE-2020-7317 MISC |
mcafee — mvision_endpoint_detection_and_response_client |
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed | 2020-10-15 | not yet calculated |
CVE-2020-7327 CONFIRM |
mcafee — total_protection |
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables | 2020-10-14 | not yet calculated |
CVE-2020-7330 CONFIRM |
microhard — bullet-lte |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10596. | 2020-10-13 | not yet calculated |
CVE-2020-17407 N/A |
microhard — bullet-lte |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10595. | 2020-10-13 | not yet calculated |
CVE-2020-17406 N/A |
microsoft — .net_framework |
An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory, aka ‘.NET Framework Information Disclosure Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16937 MISC |
microsoft — 3d_viewer |
A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory, aka ‘Base3D Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16918. | 2020-10-16 | not yet calculated |
CVE-2020-17003 MISC |
microsoft — 3d_viewer_and_365_apps_for_enterprise |
A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory, aka ‘Base3D Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17003. | 2020-10-16 | not yet calculated |
CVE-2020-16918 MISC |
microsoft — azure_functions |
An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions, aka ‘Azure Functions Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16904 MISC |
microsoft — dynamics_365 |
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16956. | 2020-10-16 | not yet calculated |
CVE-2020-16978 MISC |
microsoft — dynamics_365 |
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce, aka ‘Dynamics 365 Commerce Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16943 MISC |
microsoft — dynamics_365 |
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16978. | 2020-10-16 | not yet calculated |
CVE-2020-16956 MISC |
microsoft — excel |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16931, CVE-2020-16932. | 2020-10-16 | not yet calculated |
CVE-2020-16930 MISC |
microsoft — excel |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16932. | 2020-10-16 | not yet calculated |
CVE-2020-16931 MISC |
microsoft — excel |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16931. | 2020-10-16 | not yet calculated |
CVE-2020-16932 MISC |
microsoft — excel |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16930, CVE-2020-16931, CVE-2020-16932. | 2020-10-16 | not yet calculated |
CVE-2020-16929 MISC |
microsoft — exchange |
An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages, aka ‘Microsoft Exchange Information Disclosure Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16969 MISC |
microsoft — network_watcher_agent |
An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension for Linux, aka ‘Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16995 MISC |
microsoft — office | An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955. | 2020-10-16 | not yet calculated |
CVE-2020-16928 MISC |
microsoft — office |
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955. | 2020-10-16 | not yet calculated |
CVE-2020-16934 MISC |
microsoft — office |
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934. | 2020-10-16 | not yet calculated |
CVE-2020-16955 MISC |
microsoft — office |
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ‘Microsoft Office Remote Code Execution Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16954 MISC |
microsoft — office_access_connectivity_engine |
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16957 MISC |
microsoft — outlook |
A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka ‘Microsoft Outlook Remote Code Execution Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16947 MISC |
microsoft — outlook |
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka ‘Microsoft Outlook Denial of Service Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16949 MISC |
microsoft — powershellget |
A security feature bypass vulnerability exists in the PowerShellGet V2 module, aka ‘PowerShellGet Module WDAC Security Feature Bypass Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16886 MISC |
microsoft — sharepoint_server | An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16953. | 2020-10-16 | not yet calculated |
CVE-2020-16950 MISC |
microsoft — sharepoint_server |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-16946. | 2020-10-16 | not yet calculated |
CVE-2020-16945 MISC |
microsoft — sharepoint_server |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16952. | 2020-10-16 | not yet calculated |
CVE-2020-16951 MISC |
microsoft — sharepoint_server |
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16950, CVE-2020-16953. | 2020-10-16 | not yet calculated |
CVE-2020-16948 MISC |
microsoft — sharepoint_server |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-16945. | 2020-10-16 | not yet calculated |
CVE-2020-16946 MISC |
microsoft — sharepoint_server |
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16950. | 2020-10-16 | not yet calculated |
CVE-2020-16953 MISC |
microsoft — sharepoint_server |
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka ‘Microsoft SharePoint Reflective XSS Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16944 MISC |
microsoft — sharepoint_server |
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953. | 2020-10-16 | not yet calculated |
CVE-2020-16942 MISC |
microsoft — sharepoint_server |
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953. | 2020-10-16 | not yet calculated |
CVE-2020-16941 MISC |
microsoft — sharepoint_server |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16951. | 2020-10-16 | not yet calculated |
CVE-2020-16952 MISC |
microsoft — visual_studio_code |
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious ‘package.json’ file, aka ‘Visual Studio JSON Remote Code Execution Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-17023 MISC |
microsoft — windows |
An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points, aka ‘Windows Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16877 MISC |
microsoft — windows_10 | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16915 MISC |
microsoft — windows_10 | An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16896 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16924 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka ‘Windows COM Server Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16916. | 2020-10-16 | not yet calculated |
CVE-2020-16935 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16923. | 2020-10-16 | not yet calculated |
CVE-2020-1167 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka ‘Windows Application Compatibility Client Library Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16876. | 2020-10-16 | not yet calculated |
CVE-2020-16920 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16975, CVE-2020-16976. | 2020-10-16 | not yet calculated |
CVE-2020-16974 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16890 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16913. | 2020-10-16 | not yet calculated |
CVE-2020-16907 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka ‘Windows Error Reporting Manager Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16895 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points, aka ‘Windows – User Profile Service Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16940 MISC |
microsoft — windows_10 |
A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka ‘Windows TCP/IP Denial of Service Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16899 MISC |
microsoft — windows_10 |
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka ‘Windows Hyper-V Denial of Service Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-1243 MISC |
microsoft — windows_10 |
A remote code execution vulnerability exists when Windows Network Address Translation (NAT) fails to properly handle UDP traffic, aka ‘Windows NAT Remote Code Execution Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16894 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory, aka ‘Windows Image Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16892 MISC |
microsoft — windows_10 |
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ‘Windows Hyper-V Remote Code Execution Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16891 MISC |
microsoft — windows_10 |
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16938. | 2020-10-16 | not yet calculated |
CVE-2020-16901 MISC |
microsoft — windows_10 |
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1167. | 2020-10-16 | not yet calculated |
CVE-2020-16923 MISC |
microsoft — windows_10 |
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka ‘Windows KernelStream Information Disclosure Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16889 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Installer Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16902 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-0764 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka ‘Windows Hyper-V Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1080. | 2020-10-16 | not yet calculated |
CVE-2020-1047 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16887 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations, aka ‘Windows Storage VSP Driver Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16885 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka ‘Windows Hyper-V Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1047. | 2020-10-16 | not yet calculated |
CVE-2020-1080 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Event System Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16900 MISC |
microsoft — windows_10 |
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka ‘Windows TCP/IP Remote Code Execution Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16898 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. | 2020-10-16 | not yet calculated |
CVE-2020-16973 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16909. | 2020-10-16 | not yet calculated |
CVE-2020-16905 MISC |
microsoft — windows_10 |
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka ‘Windows Spoofing Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16922 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16907. | 2020-10-16 | not yet calculated |
CVE-2020-16913 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. | 2020-10-16 | not yet calculated |
CVE-2020-16936 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. | 2020-10-16 | not yet calculated |
CVE-2020-16972 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka ‘Group Policy Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16939 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Setup Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16908 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16905. | 2020-10-16 | not yet calculated |
CVE-2020-16909 MISC |
microsoft — windows_10 |
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows. The security update addresses the vulnerability by correcting security feature behavior to enforce permissions, aka ‘Windows Security Feature Bypass Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16910 MISC |
microsoft — windows_10 |
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16911 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. | 2020-10-16 | not yet calculated |
CVE-2020-16912 MISC |
microsoft — windows_10 |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16901. | 2020-10-16 | not yet calculated |
CVE-2020-16938 MISC |
microsoft — windows_10 |
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka ‘Windows GDI+ Information Disclosure Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16914 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16976. | 2020-10-16 | not yet calculated |
CVE-2020-16975 MISC |
microsoft — windows_10 |
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16968. | 2020-10-16 | not yet calculated |
CVE-2020-16967 MISC |
microsoft — windows_10 |
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16927 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka ‘Windows COM Server Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16935. | 2020-10-16 | not yet calculated |
CVE-2020-16916 MISC |
microsoft — windows_10 |
An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations, aka ‘Windows Enterprise App Management Service Information Disclosure Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16919 MISC |
microsoft — windows_10 |
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16967. | 2020-10-16 | not yet calculated |
CVE-2020-16968 MISC |
microsoft — windows_10 |
An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory, aka ‘Windows Text Services Framework Information Disclosure Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16921 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975. | 2020-10-16 | not yet calculated |
CVE-2020-16976 MISC |
microsoft — windows_codecs_library |
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-17022 MISC |
microsoft — windows_server |
An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka ‘Windows iSCSI Target Service Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16980 MISC |
microsoft — word |
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka ‘Microsoft Word Security Feature Bypass Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16933 MISC |
monero — monero_wallet_gui |
monero-wallet-gui in Monero GUI 0.17.0.1 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory. | 2020-10-10 | not yet calculated |
CVE-2020-26947 MISC |
mybatis — mybatis |
MyBatis before 3.5.6 mishandles deserialization of object streams. | 2020-10-10 | not yet calculated |
MISC MISC |
netbios — netbios |
An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory, aka ‘NetBT Information Disclosure Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16897 MISC |
netgear — multiple_routers |
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754. | 2020-10-13 | not yet calculated |
CVE-2020-17409 N/A N/A |
octopus — octopus_deploy |
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs. | 2020-10-12 | not yet calculated |
CVE-2020-25825 CONFIRM CONFIRM CONFIRM CONFIRM |
olimpoks — olimpoks |
OLIMPOKS before 5.1.0 allows Auth/Admin ErrorMessage XSS. | 2020-10-16 | not yet calculated |
CVE-2020-16270 MISC MISC |
open_enclave — open_enclave |
In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. | 2020-10-14 | not yet calculated |
CVE-2020-15224 MISC MISC CONFIRM |
openstack — blazer_dashboard |
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. | 2020-10-16 | not yet calculated |
CVE-2020-26943 MLIST MISC MISC MISC MISC MISC MISC CONFIRM |
opensuse — powerdns_recursor |
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). | 2020-10-16 | not yet calculated |
CVE-2020-25829 SUSE CONFIRM |
otrs — open_ticket_request_system | Agent names that participate in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when the system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions. | 2020-10-15 | not yet calculated |
CVE-2020-1777 CONFIRM |
overwolf — overwolf_client |
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. | 2020-10-16 | not yet calculated |
CVE-2020-25214 MISC |
pepperl_+_fuchs — comtrol_rocketlinx |
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration. | 2020-10-15 | not yet calculated |
CVE-2020-12502 CONFIRM |
pepperl_+_fuchs — comtrol_rocketlinx |
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. | 2020-10-15 | not yet calculated |
CVE-2020-12501 CONFIRM |
pepperl_+_fuchs — comtrol_rocketlinx |
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. | 2020-10-15 | not yet calculated |
CVE-2020-12503 CONFIRM |
pepperl_+_fuchs — comtrol_rocketlinx |
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration. | 2020-10-15 | not yet calculated |
CVE-2020-12500 CONFIRM |
pepperl_+_fuchs — comtrol_rocketlinx |
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | 2020-10-15 | not yet calculated |
CVE-2020-12504 CONFIRM |
phpmyadmin — phpmyadmin |
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query. | 2020-10-10 | not yet calculated |
CVE-2020-26935 SUSE MISC |
phpmyadmin — phpmyadmin |
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | 2020-10-10 | not yet calculated |
CVE-2020-26934 SUSE MISC |
phpredisadmin — phpredisadmin |
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter. | 2020-10-16 | not yet calculated |
CVE-2020-27163 MISC |
qemu — qemu |
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | 2020-10-16 | not yet calculated |
CVE-2020-24352 MISC MISC |
qualcomm — qcmap |
The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI can be run via sudo or setuid, this also allows elevating privileges to root. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers. | 2020-10-15 | not yet calculated |
CVE-2020-25859 MISC |
qualcomm — qcmap |
The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers. | 2020-10-15 | not yet calculated |
CVE-2020-25858 MISC |
rapid7 — nexpose |
A SQL Injection issue in Rapid7 Nexpose versions prior to 6.6.49 may have allowed an authenticated user with a low permission level to access resources and make changes they should not have been able to access. | 2020-10-14 | not yet calculated |
CVE-2020-7383 MISC |
red_hat — jboss_eap |
A flaw was found in JBoss EAP, where the authentication configuration is set up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat from this vulnerability is to system availability. | 2020-10-16 | not yet calculated |
CVE-2020-14299 MISC |
rockwell_automation — allen-bradley_flex_io_1794-aent/b | An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | 2020-10-14 | not yet calculated |
CVE-2020-6083 MISC |
rockwell_automation — allen-bradley_flex_io_1794-aent/b |
An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. If the Simple Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. | 2020-10-14 | not yet calculated |
CVE-2020-6086 MISC |
rockwell_automation — allen-bradley_flex_io_1794-aent/b |
An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. If the ANSI Extended Symbol Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. | 2020-10-14 | not yet calculated |
CVE-2020-6087 MISC |
ros_comm — openrobotics |
Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions. Fixed in https://github.com/ros/ros_comm/pull/2065. | 2020-10-13 | not yet calculated |
CVE-2020-16124 CONFIRM |
sage — dpw |
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field “Kurs suchen” on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user’s browser. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware. | 2020-10-16 | not yet calculated |
CVE-2020-26584 MISC MISC MISC |
sage — dpw |
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include arbitrary HTML or JavaScript code into the affected web page. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware. | 2020-10-16 | not yet calculated |
CVE-2020-26583 MISC MISC MISC |
samsung — samsung |
Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation, as commands crafted by an attacker are executed while the engine deserializes the data received during inter-process communication. | 2020-10-12 | not yet calculated |
CVE-2020-7811 MISC |
sap — 3d_visual_enterprise_viewer |
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2020-10-15 | not yet calculated |
CVE-2020-6372 MISC MISC |
sap — 3d_visual_enterprise_viewer |
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2020-10-15 | not yet calculated |
CVE-2020-6376 MISC MISC |
sap — 3d_visual_enterprise_viewer |
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2020-10-15 | not yet calculated |
CVE-2020-6375 MISC MISC |
sap — 3d_visual_enterprise_viewer |
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated Jupiter Tessellation (.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2020-10-15 | not yet calculated |
CVE-2020-6374 MISC MISC |
sap — 3d_visual_enterprise_viewer |
SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 2020-10-15 | not yet calculated |
CVE-2020-6373 MISC MISC |
sap — business_planning_and_consolidation |
SAP Business Planning and Consolidation, versions – 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting. | 2020-10-15 | not yet calculated |
CVE-2020-6368 MISC MISC |
sap — commerce_cloud |
SAP Commerce Cloud versions – 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability. | 2020-10-15 | not yet calculated |
CVE-2020-6272 MISC MISC |
sap — commerce_cloud |
SAP Commerce Cloud, versions – 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate active sessions that the user may have with SAP Commerce Cloud web applications, which gives an attacker the opportunity to reuse old session credentials, resulting in Insufficient Session Expiration. | 2020-10-15 | not yet calculated |
CVE-2020-6363 MISC MISC |
sap — netweaver_application_server |
SAP NetWeaver Application Server Java, versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting. | 2020-10-15 | not yet calculated |
CVE-2020-6319 MISC MISC |
sap — netweaver_application_server |
User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions – 710, 711, 730, 731, 740, 750, leading to Information Disclosure. | 2020-10-15 | not yet calculated |
CVE-2020-6371 MISC MISC |
sap — netweaver_as_java |
SAP NetWeaver AS Java, versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits. | 2020-10-15 | not yet calculated |
CVE-2020-6365 MISC MISC |
sap — netweaver_enterprise_portal |
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions – 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting. | 2020-10-15 | not yet calculated |
CVE-2020-6323 MISC MISC |
sap — solution_manager_and_sap_focused_run |
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability. | 2020-10-15 | not yet calculated |
CVE-2020-6364 MISC MISC |
siport — mp |
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature (“Allow logon without password”) is enabled. | 2020-10-15 | not yet calculated |
CVE-2020-7591 MISC |
snyk — prototype_pollution |
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. | 2020-10-13 | not yet calculated |
CVE-2020-7743 MISC MISC MISC MISC MISC MISC |
sonatype — nexus_repository_manager |
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to). | 2020-10-12 | not yet calculated |
CVE-2020-15012 CONFIRM |
sonicos — sonicos | A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | 2020-10-12 | not yet calculated |
CVE-2020-5137 CONFIRM |
sonicos — sonicos | A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | 2020-10-12 | not yet calculated |
CVE-2020-5141 CONFIRM |
sonicos — sonicos | A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | 2020-10-12 | not yet calculated |
CVE-2020-5138 CONFIRM |
sonicos — sonicos |
A vulnerability in SonicOS allows an authenticated attacker to cause an out-of-bound invalid file reference, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | 2020-10-12 | not yet calculated |
CVE-2020-5134 CONFIRM |
sonicos — sonicos |
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | 2020-10-12 | not yet calculated |
CVE-2020-5133 CONFIRM |
sonicos — sonicos |
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | 2020-10-12 | not yet calculated |
CVE-2020-5135 CONFIRM |
sonicos — sonicos |
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | 2020-10-12 | not yet calculated |
CVE-2020-5136 CONFIRM |
sonicos — sonicos |
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | 2020-10-12 | not yet calculated |
CVE-2020-5140 CONFIRM |
sonicos — sonicos |
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | 2020-10-12 | not yet calculated |
CVE-2020-5139 CONFIRM |
sonicos — sonicos |
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | 2020-10-12 | not yet calculated |
CVE-2020-5143 CONFIRM |
sonicos — sonicos |
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | 2020-10-12 | not yet calculated |
CVE-2020-5142 CONFIRM |
sopel — channelmgnt |
In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2 includes 1.0.3 of channelmgnt, and thus is safe from this vulnerability. See referenced GHSA-23pc-4339-95vg. | 2020-10-13 | not yet calculated |
CVE-2020-15251 MISC MISC CONFIRM MISC MISC MISC |
sylabs — singularity |
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempts to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise; so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. All users are advised to upgrade to 3.6.4, especially if they use Singularity mainly for building images as root user. There is no solid workaround except to temporarily avoid using unprivileged mode with single file images in favor of sandbox images instead. Regarding image build, temporarily avoid building from `library` and `shub` sources and as much as possible use `--fakeroot` or a VM for that. | 2020-10-14 | not yet calculated |
CVE-2020-15229 MISC MISC MISC CONFIRM |
telegram — telegram_desktop |
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversation and media files. | 2020-10-14 | not yet calculated |
CVE-2020-25824 MISC MISC MISC |
trend_micro — antivirus_for_mac |
Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2020-10-14 | not yet calculated |
CVE-2020-27013 N/A N/A |
trend_micro — antivirus_for_mac_2020 |
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | 2020-10-14 | not yet calculated |
CVE-2020-25778 N/A N/A |
trend_micro — antivirus_for_mac_2020 |
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-10-14 | not yet calculated |
CVE-2020-25777 N/A N/A |
trend_micro — antivirus_for_mac_2020 |
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which an Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature. | 2020-10-13 | not yet calculated |
CVE-2020-25779 MISC |
juniper_networks — mist_cloud_ui |
When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. | 2020-10-16 | not yet calculated |
CVE-2020-1675 CONFIRM |
juniper_networks — mist_cloud_ui |
When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. | 2020-10-16 | not yet calculated |
CVE-2020-1677 CONFIRM |
united_planet — united_planet |
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 20.03 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | 2020-10-14 | not yet calculated |
CVE-2020-24188 MISC |
veritas — aptare |
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account. | 2020-10-15 | not yet calculated |
CVE-2020-27157 MISC |
veritas — aptare |
Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user. | 2020-10-15 | not yet calculated |
CVE-2020-27156 MISC |
vm-superio — vm-superio |
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host. | 2020-10-16 | not yet calculated |
CVE-2020-27173 MISC MISC |
vmware — horizon_client |
VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result in a denial-of-service condition on the machine where Horizon Client for Windows is installed. | 2020-10-16 | not yet calculated |
CVE-2020-3991 MISC |
windows — application_compatibility_client_library |
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka ‘Windows Application Compatibility Client Library Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16920. | 2020-10-16 | not yet calculated |
CVE-2020-16876 MISC |
windows — remote_desktop_service |
A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Service Denial of Service Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16863 MISC |
windows — visual_studio_code |
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file, aka ‘Visual Studio Code Python Extension Remote Code Execution Vulnerability’. | 2020-10-16 | not yet calculated |
CVE-2020-16977 MISC |
wordpress — wordpress |
Testimonial Rotator WordPress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in “cite” parameter, the payload will be stored in the database. | 2020-10-16 | not yet calculated |
CVE-2020-26672 MISC |
xwiki — xwiki |
In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6. | 2020-10-16 | not yet calculated |
CVE-2020-15252 CONFIRM MISC MISC |