Vulnerability Summary for the Week of November 16, 2020

Original release date: November 23, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
golang — go	Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.	2020-11-18	7.5	CVE-2020-28367 MISC CONFIRM MLIST MLIST FEDORA
golang — go	Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.	2020-11-18	7.5	CVE-2020-28366 MISC CONFIRM MLIST FEDORA
jetbrains — toolbox	JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.	2020-11-16	10	CVE-2020-25207 MISC CONFIRM
riken — xoonips	Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors.	2020-11-16	7.5	CVE-2020-5664 MISC MISC

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
chronoengine — chronoforums	Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed.	2020-11-16	4.3	CVE-2020-27459 MISC
cmsuno_project — cmsuno	An authenticated attacker can inject malicious code into “lang” parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.	2020-11-13	6.5	CVE-2020-25538 MISC
golang — go	Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.	2020-11-18	5	CVE-2020-28362 CONFIRM MLIST FEDORA
intel — proset/wireless_wifi	Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.	2020-11-13	5.8	CVE-2020-12313 MISC
ivanti — endpoint_manager	LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.	2020-11-16	6.5	CVE-2020-13769 MISC MISC
ivanti — endpoint_manager	In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.	2020-11-16	5	CVE-2020-13772 MISC MISC
jetbrains — toolbox	JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.	2020-11-16	5	CVE-2020-25013 MISC CONFIRM
jetbrains — youtrack	In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.	2020-11-16	5	CVE-2020-25210 MISC CONFIRM
jetbrains — youtrack	JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.	2020-11-16	5	CVE-2020-27626 MISC CONFIRM
jetbrains — youtrack	In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.	2020-11-16	5	CVE-2020-27625 MISC
jetbrains — youtrack	JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.	2020-11-16	5	CVE-2020-27624 MISC CONFIRM
jetbrains — youtrack	In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.	2020-11-16	5	CVE-2020-25209 MISC CONFIRM
microfocus — arcsight_logger	Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)	2020-11-17	4.3	CVE-2020-11860 CONFIRM
microfocus — arcsight_logger	Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).	2020-11-17	4.3	CVE-2020-25834 CONFIRM
netapp — hci	Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.	2020-11-13	5	CVE-2020-8583 MISC
netapp — hci	Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.	2020-11-13	4	CVE-2020-8582 MISC
pixar — openusd	A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow.	2020-11-13	6.8	CVE-2020-6147 FULLDISC MISC
pixar — openusd	A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index.	2020-11-13	6.8	CVE-2020-6156 MISC
pixar — openusd	A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.	2020-11-13	6.8	CVE-2020-6155 MISC
pixar — openusd	A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow.	2020-11-13	6.8	CVE-2020-6150 MISC
pixar — openusd	A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section.	2020-11-13	6.8	CVE-2020-6149 MISC
pixar — openusd	A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow.	2020-11-13	6.8	CVE-2020-6148 MISC
postgresql — postgresql	A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	2020-11-16	6.5	CVE-2020-25695 MISC MISC
postgresql — postgresql	A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	2020-11-16	6.8	CVE-2020-25694 MISC MISC
riken — xoonips	SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.	2020-11-16	6.5	CVE-2020-5659 MISC MISC
riken — xoonips	Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors.	2020-11-16	4	CVE-2020-5663 MISC MISC

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
ibm — infosphere_information_server	IBM InfoSphere Information Server 11.7 stores sensitive information in the browser’s history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.	2020-11-13	2.1	CVE-2020-4886 XF CONFIRM
jetbrains — youtrack	Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.	2020-11-16	2.1	CVE-2020-24366 MISC CONFIRM
microfocus — filr	Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.	2020-11-17	3.5	CVE-2020-25832 CONFIRM
microfocus — idol	Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack.	2020-11-17	3.5	CVE-2020-25833 CONFIRM
nagios — nagios_xi	Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).	2020-11-16	3.5	CVE-2020-27988 CONFIRM
nagios — nagios_xi	Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).	2020-11-16	3.5	CVE-2020-27989 CONFIRM
nagios — nagios_xi	Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).	2020-11-16	3.5	CVE-2020-27990 CONFIRM
nagios — nagios_xi	Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).	2020-11-16	3.5	CVE-2020-27991 CONFIRM
riken — xoonips	Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors.	2020-11-16	3.5	CVE-2020-5662 MISC MISC
salesagility — suitecrm	SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.	2020-11-18	3.5	CVE-2020-14208 MISC

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
airleader — master_and_easy_devices	Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service.	2020-11-16	not yet calculated	CVE-2020-26509 MISC
airleader — master_devices	Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.	2020-11-16	not yet calculated	CVE-2020-26510 MISC
amazon — amazon_web_services_encryption_sdk	A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later.	2020-11-16	not yet calculated	CVE-2020-8897 CONFIRM CONFIRM
anuku — time_tracker	Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user’s mailbox	2020-11-16	not yet calculated	CVE-2020-27423 MISC
anuku — time_tracker	In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn’t expire once used, allowing an attacker to use the same link to takeover the account.	2020-11-16	not yet calculated	CVE-2020-27422 MISC MISC
apache — libapreq2	A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.	2020-11-19	not yet calculated	CVE-2019-12412 MISC MISC
apache — openoffice	A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.	2020-11-17	not yet calculated	CVE-2020-13958 MISC
archive_tar — archive_tar	Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.	2020-11-19	not yet calculated	CVE-2020-28949 MISC
archive_tar — archive_tar	Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.	2020-11-19	not yet calculated	CVE-2020-28948 MISC
artworks_gallery — artworks_gallery	The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.	2020-11-17	not yet calculated	CVE-2020-28688 MISC MISC
artworks_gallery — artworks_gallery	The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.	2020-11-17	not yet calculated	CVE-2020-28687 MISC MISC
avaya — weblm	An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.	2020-11-13	not yet calculated	CVE-2020-7032 MISC FULLDISC CONFIRM
aviatrix — cloud_controller	An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.	2020-11-17	not yet calculated	CVE-2020-26550 MISC
aviatrix — cloud_controller	An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.	2020-11-17	not yet calculated	CVE-2020-26548 MISC
aviatrix — cloud_controller	An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading.	2020-11-17	not yet calculated	CVE-2020-26549 MISC
aviatrix — cloud_controller	An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.	2020-11-17	not yet calculated	CVE-2020-26551 MISC
aviatrix — cloud_controller	An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access.	2020-11-17	not yet calculated	CVE-2020-26552 MISC
aviatrix — cloud_controller	An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.	2020-11-17	not yet calculated	CVE-2020-26553 MISC
avid_cloud_solutions — cloudavid_pparam	Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.	2020-11-16	not yet calculated	CVE-2020-28723 MISC MISC
avideo — avideo	There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file.	2020-11-16	not yet calculated	CVE-2020-23490 MISC MISC
avideo — avideo	The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.	2020-11-16	not yet calculated	CVE-2020-23489 MISC MISC
basetech — ge-131-1837836_firmware	A directory traversal vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to gain access to sensitive information.	2020-11-17	not yet calculated	CVE-2020-27553 MISC
basetech — ge-131-1837836_firmware	Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user.	2020-11-17	not yet calculated	CVE-2020-27555 MISC
basetech — ge-131-1837836_firmware	Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.	2020-11-17	not yet calculated	CVE-2020-27558 MISC
basetech — ge-131-1837836_firmware	Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials.	2020-11-17	not yet calculated	CVE-2020-27557 MISC
basetech — ge-131-1837836_firmware	Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device.	2020-11-17	not yet calculated	CVE-2020-27554 MISC
basetech — ge-131-1837836_firmware	A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device.	2020-11-17	not yet calculated	CVE-2020-27556 MISC
beckhoff _automation — twincat	The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added.	2020-11-19	not yet calculated	CVE-2020-12510 CONFIRM
bejing_liangiing_zhicheng_technology — ltd_ljcmsshop	A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address.	2020-11-18	not yet calculated	CVE-2020-22723 MISC MISC
bernd_bestel — grocy	Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe.	2020-11-18	not yet calculated	CVE-2020-25454 MISC
big-ip — big-ip_platforms	In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).	2020-11-19	not yet calculated	CVE-2020-5947 CONFIRM
bigbluebutton — bigbluebutton	In BigBlueButton before 2.2.29, a user can vote more than once in a single poll.	2020-11-19	not yet calculated	CVE-2020-28953 MISC MISC
bigbluebutton — bigbluebutton	web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.	2020-11-19	not yet calculated	CVE-2020-28954 MISC MISC MISC MISC
binarynights — forklift	BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift’s helper tool.	2020-11-17	not yet calculated	CVE-2020-27192 MISC
binarynights — forklift	BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions.	2020-11-17	not yet calculated	CVE-2020-15349 CONFIRM MISC
canon — oce_colorwave_3500_devices	The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.	2020-11-16	not yet calculated	CVE-2020-26508 MISC
canonical — ubuntu_pulseaudio	Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.	2020-11-19	not yet calculated	CVE-2020-15710 UBUNTU UBUNTU
cisco — asyncos	A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.	2020-11-18	not yet calculated	CVE-2020-3367 CISCO
cisco — dna_spaces_connector	A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underling operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application impacting the integrity or availability of the web-based management application.	2020-11-18	not yet calculated	CVE-2020-3586 CISCO
cisco — expressway	A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access.	2020-11-18	not yet calculated	CVE-2020-3482 CISCO
cisco — integrated_management_controller	Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).	2020-11-18	not yet calculated	CVE-2020-3470 CISCO
cisco — iot_field_network_director	A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system.	2020-11-18	not yet calculated	CVE-2020-26080 CISCO
cisco — iot_field_network_director	A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.	2020-11-18	not yet calculated	CVE-2020-26078 CISCO
cisco — iot_field_network_director	Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system.	2020-11-18	not yet calculated	CVE-2020-26081 CISCO
cisco — iot_field_network_director	A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.	2020-11-18	not yet calculated	CVE-2020-26079 CISCO
cisco — iot_field_network_director	A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system.	2020-11-18	not yet calculated	CVE-2020-26077 CISCO
cisco — iot_field_network_director	A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device.	2020-11-18	not yet calculated	CVE-2020-26076 CISCO
cisco — iot_field_network_director	A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.	2020-11-18	not yet calculated	CVE-2020-26075 CISCO
cisco — iot_field_network_director	A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain.	2020-11-18	not yet calculated	CVE-2020-26072 CISCO
cisco — iot_field_network_director	A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication.	2020-11-18	not yet calculated	CVE-2020-3392 CISCO
cisco — iot_field_network_director	A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.	2020-11-18	not yet calculated	CVE-2020-3531 CISCO
cisco — security_manager	A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.	2020-11-17	not yet calculated	CVE-2020-27125 CISCO
cisco — security_manager	A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.	2020-11-17	not yet calculated	CVE-2020-27130 CISCO
cisco — security_manager	Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITYSYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities.	2020-11-17	not yet calculated	CVE-2020-27131 CISCO
cisco — telepresence_ce_software_and_roomos_software	A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users.	2020-11-18	not yet calculated	CVE-2020-26068 CISCO
cisco — webex_meetings	A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user.	2020-11-18	not yet calculated	CVE-2020-27126 CISCO
cisco — webex_meetings_and_webex_meetings_server	A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled.	2020-11-18	not yet calculated	CVE-2020-3471 CISCO
cisco — webex_meetings_and_webex_meetings_server	A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.	2020-11-18	not yet calculated	CVE-2020-3441 CISCO
cisco — webex_meetings_server	A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.	2020-11-18	not yet calculated	CVE-2020-3419 CISCO
citrix — sd-wan_center	Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.	2020-11-16	not yet calculated	CVE-2020-8273 MISC
citrix — sd-wan_center	Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8	2020-11-16	not yet calculated	CVE-2020-8272 MISC
citrix — sd-wan_center	Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8	2020-11-16	not yet calculated	CVE-2020-8271 MISC
citrix — virtual_apps_and_desktop	An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9	2020-11-16	not yet calculated	CVE-2020-8269 MISC
citrix — virtual_apps_and_desktop	An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342	2020-11-16	not yet calculated	CVE-2020-8270 MISC
controlled-merge — controlled-merge	Prototype pollution vulnerability in ‘controlled-merge’ versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution.	2020-11-15	not yet calculated	CVE-2020-28268 MISC MISC
cxuucms — cxuucms	cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.	2020-11-18	not yet calculated	CVE-2020-28091 MISC CONFIRM
doc-path — doc-path	This affects the package doc-path before 2.1.2.	2020-11-15	not yet calculated	CVE-2020-7772 CONFIRM CONFIRM CONFIRM
drupal — drupal	Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.	2020-11-20	not yet calculated	CVE-2020-13671 CONFIRM
endress+hauser — ecograph_t	Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic “tokens”. The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on.	2020-11-19	not yet calculated	CVE-2020-12495 CONFIRM
endress+hauser — ecograph_t_and_memograph_m	Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to the server, which makes repeating requests and analysis complex enough. Nevertheless, it’s possible and during the analysis it was discovered that it also has an issue with the access-control matrix on the server-side. It was found that a user with low rights can get information from endpoints that should not be available to this user.	2020-11-19	not yet calculated	CVE-2020-12496 CONFIRM
fastadmin — fastadmin	In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh.	2020-11-17	not yet calculated	CVE-2020-21665 MISC
firebase — util	This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.	2020-11-16	not yet calculated	CVE-2020-7765 CONFIRM CONFIRM CONFIRM
garmin — forerunner_235	Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.	2020-11-16	not yet calculated	CVE-2020-27484 MISC
garmin — forerunner_235	Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. A successful exploit could use the vulnerability to leak runtime information such as the heap handle or pointer for a number of TVM context variables. Some reachable values may be controlled enough to forge a TVM object on the stack, leading to possible remote code execution.	2020-11-16	not yet calculated	CVE-2020-27483 MISC
garmin — forerunner_235	Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.	2020-11-16	not yet calculated	CVE-2020-27486 MISC
garmin — forerunner_235	Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation. It can be leveraged to construct a use-after-free scenario, leading to a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.	2020-11-16	not yet calculated	CVE-2020-27485 MISC
genexis — platinum_4410_router	UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action ‘X_GetAccess’ which leaks the credentials of ‘admin’, provided that the attacker is network adjacent.	2020-11-17	not yet calculated	CVE-2020-25988 MISC MISC MISC MISC
gila — gila_cms	In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.	2020-11-16	not yet calculated	CVE-2020-28692 MISC
gitlab — ce/cc	Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.	2020-11-17	not yet calculated	CVE-2020-26405 CONFIRM MISC MISC
gitlab — ce/ee	An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.	2020-11-19	not yet calculated	CVE-2020-13355 CONFIRM MISC MISC
gitlab — ce/ee	CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who’s able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.	2020-11-17	not yet calculated	CVE-2020-13350 CONFIRM MISC MISC
gitlab — ce/ee	An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.	2020-11-19	not yet calculated	CVE-2020-13356 CONFIRM MISC MISC
gitlab — ce/ee	A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2.	2020-11-17	not yet calculated	CVE-2020-13358 CONFIRM MISC
gitlab — ce/ee	The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.	2020-11-19	not yet calculated	CVE-2020-13359 CONFIRM MISC
gitlab — ce/ee	A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.	2020-11-17	not yet calculated	CVE-2020-13354 CONFIRM MISC MISC
gitlab — ce/ee	Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2.	2020-11-17	not yet calculated	CVE-2020-13351 CONFIRM MISC MISC
gitlab — ce/ee	Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.	2020-11-17	not yet calculated	CVE-2020-13352 CONFIRM MISC MISC
gitlab — ee	An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.	2020-11-17	not yet calculated	CVE-2020-13349 CONFIRM MISC
gitlab — ee	An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.	2020-11-17	not yet calculated	CVE-2020-13348 CONFIRM MISC
gitlab — ee	Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.	2020-11-17	not yet calculated	CVE-2020-26406 CONFIRM MISC MISC
gitlab — gitlay	When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.	2020-11-17	not yet calculated	CVE-2020-13353 CONFIRM MISC
hcl — domino	HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected.	2020-11-21	not yet calculated	CVE-2020-14234 CONFIRM
hcl — domino	HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected.	2020-11-21	not yet calculated	CVE-2020-14230 CONFIRM
hcl — notes	HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.	2020-11-21	not yet calculated	CVE-2020-14258 CONFIRM
horizontcms — horizontcms	An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>	2020-11-16	not yet calculated	CVE-2020-28693 MISC MISC
ibm — business_automation_workflow	IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285.	2020-11-16	not yet calculated	CVE-2020-4672 XF CONFIRM
ibm — db2	IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.	2020-11-19	not yet calculated	CVE-2020-4701 XF CONFIRM
ibm — db2_accessories_suite	IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.	2020-11-20	not yet calculated	CVE-2020-4739 XF CONFIRM
ibm — jazz_reporting_service	IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731.	2020-11-19	not yet calculated	CVE-2020-4718 XF CONFIRM
ibm — mq_appliance	IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.	2020-11-18	not yet calculated	CVE-2020-4592 XF CONFIRM
ibm — power9	IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.	2020-11-20	not yet calculated	CVE-2020-4788 MLIST MLIST XF CONFIRM
ibm — sterling_b2b_integrator_standard_edition	IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780.	2020-11-16	not yet calculated	CVE-2020-4692 XF CONFIRM
ibm — sterling_b2b_integrator_standard_edition	IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077.	2020-11-16	not yet calculated	CVE-2020-4700 XF CONFIRM
ibm — sterling_b2b_integrator_standard_edition	IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083.	2020-11-16	not yet calculated	CVE-2020-4566 XF CONFIRM
ibm — sterling_b2b_integrator_standard_edition	IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091.	2020-11-16	not yet calculated	CVE-2020-4655 XF CONFIRM
ibm — sterling_b2b_integrator_standard_edition	IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.	2020-11-16	not yet calculated	CVE-2020-4705 XF CONFIRM
ibm — sterling_b2b_integrator_standard_edition	IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284.	2020-11-16	not yet calculated	CVE-2020-4671 XF CONFIRM
ibm — sterling_b2b_integrator_standard_edition	IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.	2020-11-16	not yet calculated	CVE-2020-4475 XF CONFIRM
ibm — sterling_b2b_integrator_standard_edition	IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814.	2020-11-20	not yet calculated	CVE-2020-4937 XF CONFIRM
ibm — sterling_file_gateway	IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897.	2020-11-16	not yet calculated	CVE-2020-4763 XF CONFIRM
ibm — sterling_file_gateway	IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.	2020-11-16	not yet calculated	CVE-2020-4647 XF CONFIRM
ibm — sterling_file_gateway	IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778.	2020-11-16	not yet calculated	CVE-2020-4476 XF CONFIRM
ibm — sterling_file_gateway	IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280.	2020-11-16	not yet calculated	CVE-2020-4665 XF CONFIRM
imagemagik — imagemagik	Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.	2020-11-20	not yet calculated	CVE-2020-19667 MISC
infinitewp — admin_panel	In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.	2020-11-16	not yet calculated	CVE-2020-28642 MISC
influxdata — influxdb	InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).	2020-11-19	not yet calculated	CVE-2019-20933 MISC MISC MISC
ivanti — endpoint_manager	Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.	2020-11-16	not yet calculated	CVE-2020-13773 MISC MISC
jamodat — tsmmanager_collector	JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector’s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances’ consoles, accessing hardware configurations, etc.Exploiting this vulnerability won’t grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.	2020-11-19	not yet calculated	CVE-2020-28054 MISC MISC MISC
jetbrains — ideavim	JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.	2020-11-16	not yet calculated	CVE-2020-27623 MISC CONFIRM
jetbrains — intellij_idea	In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.	2020-11-16	not yet calculated	CVE-2020-27622 MISC CONFIRM
jetbrains — ktor	In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.	2020-11-16	not yet calculated	CVE-2020-26129 MISC CONFIRM
jetbrains — teamcity	In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.	2020-11-16	not yet calculated	CVE-2020-27629 MISC CONFIRM
jetbrains — teamcity	JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.	2020-11-16	not yet calculated	CVE-2020-27627 MISC CONFIRM
jetbrains — teamcity	In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.	2020-11-16	not yet calculated	CVE-2020-27628 MISC CONFIRM
jupyter — notebook	Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.	2020-11-18	not yet calculated	CVE-2020-26215 MISC CONFIRM
kaa — iot_platform	Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter.	2020-11-17	not yet calculated	CVE-2020-26701 MISC
kamailio — kamailio	Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.	2020-11-18	not yet calculated	CVE-2020-28361 MISC MISC
kata — containers	An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.	2020-11-17	not yet calculated	CVE-2020-28914 MISC MISC MISC MISC MISC
kyocera — ecosys_m2640idw_printers	The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in “Machine Address Book”. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions	2020-11-17	not yet calculated	CVE-2020-25890 MISC
lemoncms — lemoncms	appadmincontrollersysUploads.php in lemocms 1.8.x allows users to upload files to upload executable files.	2020-11-18	not yet calculated	CVE-2020-25406 MISC
libsixel — libsixel	Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6.	2020-11-20	not yet calculated	CVE-2020-19668 MISC
libsvm — scikit-learn	svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array.	2020-11-21	not yet calculated	CVE-2020-28975 MISC MISC
libuci — openwrt	libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.	2020-11-19	not yet calculated	CVE-2020-28951 MISC MISC MISC
libvips — libvips	im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.	2020-11-20	not yet calculated	CVE-2020-20739 MISC MISC
limesurvey — limesurvey	A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.	2020-11-17	not yet calculated	CVE-2020-25798 MISC MISC
linux — linux_kernel	A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.	2020-11-20	not yet calculated	CVE-2020-28974 MISC MISC MISC
linux — linux_kernel	A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.	2020-11-18	not yet calculated	CVE-2020-28915 MISC MISC MISC MISC MISC
linux — linux_kernel	A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.	2020-11-17	not yet calculated	CVE-2020-25705 MISC
linux — linux_kernel	An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.	2020-11-19	not yet calculated	CVE-2020-28941 MLIST MISC MISC MISC MISC
lionwiki — lionwiki	LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	2020-11-16	not yet calculated	CVE-2020-27191 MISC MISC
markdown-it-highlightjs — markdown-it-highlightjs	This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require(“markdown-it-highlightjs”); const md = require(‘markdown-it’); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render(‘console.log(42){.”>js}’); console.log(reuslt_xss);	2020-11-16	not yet calculated	CVE-2020-7773 CONFIRM CONFIRM CONFIRM
melsec — iq-r_series_cpu_modules	Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from ’05’ to ’19’ and R04/08/16/32/120(EN)CPU Firmware versions from ’35’ to ’51’) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.	2020-11-16	not yet calculated	CVE-2020-5666 MISC MISC MISC MISC
melsec — iq-r_series_cpu_modules	Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version ’19’ and earlier, R04/08/16/32/120 (EN) CPU firmware version ’51’ and earlier, R08/16/32/120SFCPU firmware version ’22’ and earlier, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions, RJ71EN71 firmware version ’47’ and earlier, RJ71GF11-T2 firmware version ’47’ and earlier, RJ72GF15-T2 firmware version ’07’ and earlier, RJ71GP21-SX firmware version ’47’ and earlier, RJ71GP21S-SX firmware version ’47’ and earlier, RJ71C24 (-R2/R4) all versions, and RJ71GN11-T2 all versions) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the module by a specially crafted SLMP packet	2020-11-20	not yet calculated	CVE-2020-5668 MISC MISC MISC MISC
mercedes-benz — hermes	An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information.	2020-11-16	not yet calculated	CVE-2019-19562 MISC MISC
mercedes-benz — hermes	A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.	2020-11-16	not yet calculated	CVE-2019-19563 MISC MISC
mercedes-benz — hermes	An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information.	2020-11-16	not yet calculated	CVE-2019-19556 MISC MISC
mercedes-benz — hermes	A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.	2020-11-16	not yet calculated	CVE-2019-19561 MISC MISC
mercedes-benz — hermes	An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information.	2020-11-16	not yet calculated	CVE-2019-19560 MISC MISC
mercedes-benz — hermes	A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.	2020-11-16	not yet calculated	CVE-2019-19557 MISC MISC
micro_focus — arcsight_logger	Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.	2020-11-17	not yet calculated	CVE-2020-11851 CONFIRM
misp — misp	In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.	2020-11-19	not yet calculated	CVE-2020-28947 MISC
moodle — moodle	In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.	2020-11-19	not yet calculated	CVE-2020-25699 MISC MISC
moodle — moodle	In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10.	2020-11-19	not yet calculated	CVE-2020-25700 MISC MISC
moodle — moodle	If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.	2020-11-19	not yet calculated	CVE-2020-25701 MISC MISC
moodle — moodle	The participants table download in Moodle always included user emails, but should have only done so when users’ emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.	2020-11-19	not yet calculated	CVE-2020-25703 MISC MISC
moodle — moodle	Users’ enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.	2020-11-19	not yet calculated	CVE-2020-25698 MISC MISC
moodle — moodle	In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.	2020-11-19	not yet calculated	CVE-2020-25702 MISC MISC
nagios — nagios_xi	Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.	2020-11-16	not yet calculated	CVE-2020-28648 MISC
netiq — identity_manager	NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.	2020-11-20	not yet calculated	CVE-2020-25839 CONFIRM
netis — korea_d’live_ap	Improper Input validation vulnerability exists in Netis Korea D’live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D’live set-top box AP(WF2429TB) v1.1.10.	2020-11-20	not yet calculated	CVE-2020-7842 CONFIRM
netskope — netskope	A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin’s portal thus leads to compromise admin’s system.	2020-11-20	not yet calculated	CVE-2020-28845 MISC
nextcloud — server	Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.	2020-11-16	not yet calculated	CVE-2020-8152 MISC MISC
nextcloud — social	Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.	2020-11-19	not yet calculated	CVE-2020-8279 MISC CONFIRM
nextcloud — social	Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user.	2020-11-19	not yet calculated	CVE-2020-8278 MISC CONFIRM
nexttcloud — server	Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.	2020-11-16	not yet calculated	CVE-2020-8259 MISC MISC
node — node.js	A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.	2020-11-19	not yet calculated	CVE-2020-8277 MISC CONFIRM
oppo_security — com.coloros.codebook	Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.	2020-11-19	not yet calculated	CVE-2020-11829 CONFIRM
oppo_security — com.coloros.codebook	OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.	2020-11-19	not yet calculated	CVE-2020-11831 CONFIRM
oppo_security — com.coloros.codebook	QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0.	2020-11-19	not yet calculated	CVE-2020-11830 CONFIRM
paradox — ip150	The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).	2020-11-21	not yet calculated	CVE-2020-25189 MISC
paradox — ip150	The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).	2020-11-21	not yet calculated	CVE-2020-25185 MISC
pdfresurrect — pdfresurrect	PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().	2020-11-20	not yet calculated	CVE-2020-20740 MISC MISC
pescms — pescms_team	PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=	2020-11-17	not yet calculated	CVE-2020-28092 MISC MISC
phpgurukul — user_registration_and_login_nd_user_management_system	Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1.	2020-11-18	not yet calculated	CVE-2020-24723 MISC MISC
phpgurukul — user_registration_and_login_user_management_system	SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.	2020-11-16	not yet calculated	CVE-2020-25952 MISC MISC MISC
planet_technology — corp_nvr-915_and_nvr-1615_products	UNSUPPORTED WHEN ASSIGNED The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	2020-11-18	not yet calculated	CVE-2020-26097 MISC
prestashop — prestashop	In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9.	2020-11-16	not yet calculated	CVE-2020-26224 MISC CONFIRM
prestashop — product_comments	In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users’ web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0	2020-11-16	not yet calculated	CVE-2020-26225 MISC CONFIRM
primekey — ejbca	An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA’s domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA.	2020-11-19	not yet calculated	CVE-2020-28942 MISC
pritunl — electron_client	Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.	2020-11-19	not yet calculated	CVE-2020-25989 CONFIRM MISC
progress — moveit_transder	In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim’s browser (XSS).	2020-11-17	not yet calculated	CVE-2020-28647 CONFIRM MISC
qnap — qts	If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.	2020-11-16	not yet calculated	CVE-2020-2490 CONFIRM
qnap — qts	If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.	2020-11-16	not yet calculated	CVE-2020-2492 CONFIRM
rclone — rclone	An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.	2020-11-19	not yet calculated	CVE-2020-28924 MISC MISC
red_hat — jboss_keycloak	A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.	2020-11-17	not yet calculated	CVE-2020-10776 MISC
red_hat — jboss_keycloak	It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.	2020-11-17	not yet calculated	CVE-2020-14389 MISC
red_hat — xpdf	In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn’t correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.	2020-11-21	not yet calculated	CVE-2020-25725 CONFIRM MISC
reddoxx — maildepot_2033	REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message.	2020-11-18	not yet calculated	CVE-2020-26554 MISC MISC
resourcexpress — qubi3_devices	QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility.	2020-11-17	not yet calculated	CVE-2020-25746 CONFIRM MISC
rsa — archer	RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application.	2020-11-18	not yet calculated	CVE-2020-26884 CONFIRM
schneider_electric — easergy_t300	A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.	2020-11-19	not yet calculated	CVE-2020-7561 MISC
schneider_electric — ecostruxure_building_operation_enterprise_server	A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 – V3.1 and Enterprise Central installer V2.0 – V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location.	2020-11-19	not yet calculated	CVE-2020-28209 MISC
schneider_electric — ecostruxure_building_operation_webreports	A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser.	2020-11-19	not yet calculated	CVE-2020-7572 MISC
schneider_electric — ecostruxure_building_operation_webreports	A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.	2020-11-19	not yet calculated	CVE-2020-7570 MISC
schneider_electric — ecostruxure_building_operation_webreports	A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution.	2020-11-19	not yet calculated	CVE-2020-7569 MISC
schneider_electric — ecostruxure_building_operation_webreports	A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.	2020-11-19	not yet calculated	CVE-2020-7571 MISC
schneider_electric — ecostruxure_building_operation_webreports	A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control.	2020-11-19	not yet calculated	CVE-2020-7573 MISC
schneider_electric — ecostruxure_building_operation_webstation	A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 – V3.1 that could cause an attacker to inject HTML and JavaScript code into the user’s browser.	2020-11-19	not yet calculated	CVE-2020-28210 MISC
schneider_electric — ecostruxure_control_expert	A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.	2020-11-19	not yet calculated	CVE-2020-28213 MISC
schneider_electric — ecostruxure_control_expert	A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.	2020-11-19	not yet calculated	CVE-2020-28212 MISC
schneider_electric — ecostruxure_control_expert	A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.	2020-11-19	not yet calculated	CVE-2020-28211 MISC
schneider_electric — ecostruxure_control_expert	A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.	2020-11-19	not yet calculated	CVE-2020-7559 MISC
schneider_electric — ecostruxure_operator_terminal_expert	A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert.	2020-11-19	not yet calculated	CVE-2020-7544 MISC
schneider_electric — igss_definition	A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.	2020-11-19	not yet calculated	CVE-2020-7556 MISC
schneider_electric — igss_definition	A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.	2020-11-19	not yet calculated	CVE-2020-7558 MISC
schneider_electric — igss_definition	A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.	2020-11-19	not yet calculated	CVE-2020-7557 MISC
schneider_electric — igss_definition	A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.	2020-11-19	not yet calculated	CVE-2020-7555 MISC
schneider_electric — igss_definition	A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.	2020-11-19	not yet calculated	CVE-2020-7550 MISC
schneider_electric — igss_definition	A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.	2020-11-19	not yet calculated	CVE-2020-7551 MISC
schneider_electric — igss_definition	A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.	2020-11-19	not yet calculated	CVE-2020-7552 MISC
schneider_electric — igss_definition	A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.	2020-11-19	not yet calculated	CVE-2020-7554 MISC
schneider_electric — igss_definition	A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.	2020-11-19	not yet calculated	CVE-2020-7553 MISC
schneider_electric — modicon_m221	A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller and broke the encryption keys.	2020-11-19	not yet calculated	CVE-2020-7567 MISC
schneider_electric — modicon_m221	A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller.	2020-11-19	not yet calculated	CVE-2020-7566 MISC
schneider_electric — modicon_m221	A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller.	2020-11-19	not yet calculated	CVE-2020-7565 MISC
schneider_electric — modicon_m221	A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller.	2020-11-19	not yet calculated	CVE-2020-7568 MISC
schneider_electric — multiple_products	A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.	2020-11-18	not yet calculated	CVE-2020-7564 MISC
schneider_electric — multiple_products	A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.	2020-11-18	not yet calculated	CVE-2020-7562 MISC
schneider_electric — multiple_products	A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.	2020-11-18	not yet calculated	CVE-2020-7563 MISC
schneider_electric — plc_simulator_on_ecostruxure_control_expert	A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.	2020-11-19	not yet calculated	CVE-2020-7538 MISC
scratchverifier — scratchverifier	In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else’s account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and is given the same verification code. 3. User comments code as part of their normal login. 4. Before user can, attacker completes the login process now that the code is commented. 5. User gets a failed login and attacker now has control of the account. Since commit a603769 starting a login twice will generate different verification codes, causing both user and attacker login to fail. For clients that rely on a clone of ScratchVerifier not hosted by the developers, their users may attempt to finish the login process as soon as possible after commenting the code. There is no reliable way for the attacker to know before the user can finish the process that the user has commented the code, so this vulnerability only really affects those who comment the code and then take several seconds before finishing the login.	2020-11-20	not yet calculated	CVE-2020-26236 MISC CONFIRM
semantic-release — semantic-release	In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.	2020-11-18	not yet calculated	CVE-2020-26226 MISC CONFIRM
sensormatics_electronics — american_dynamics_victor_web_client_and_software_house_c.cure_web_client	A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack.	2020-11-19	not yet calculated	CVE-2020-9049 CERT CONFIRM
sokrates — sowa	A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter.	2020-11-19	not yet calculated	CVE-2020-28350 MISC
sourcecodester — gym_management_system	Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields ‘Package Name’ and ‘Description’.	2020-11-17	not yet calculated	CVE-2020-28129 MISC MISC
sourcecodester — online_clothing_store	SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.	2020-11-17	not yet calculated	CVE-2020-28138 MISC MISC
sourcecodester — online_clothing_store	SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.	2020-11-17	not yet calculated	CVE-2020-28140 MISC MISC
sourcecodester — online_clothing_store	SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php.	2020-11-17	not yet calculated	CVE-2020-28139 MISC MISC
sourcecodester — online_library_management_system	An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).	2020-11-17	not yet calculated	CVE-2020-28130 MISC MISC
sourcecodester — simple_grocery_store_sales_and_inventory_system	An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.	2020-11-17	not yet calculated	CVE-2020-28133 MISC MISC
sourcecodester — tourism_management_system	An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.	2020-11-17	not yet calculated	CVE-2020-28136 MISC MISC
sourcecodester — water_billing_system	SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.	2020-11-17	not yet calculated	CVE-2020-28183 MISC MISC MISC
suitecrm — suitecrm	SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.	2020-11-18	not yet calculated	CVE-2020-15300 MISC
suitecrm — suitecrm	SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.	2020-11-18	not yet calculated	CVE-2020-15301 MISC
symantec — endpoint_detection_and_response	Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.	2020-11-18	not yet calculated	CVE-2020-12593 CONFIRM
taskcafe — project_management_tool	Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token.	2020-11-17	not yet calculated	CVE-2020-25400 MISC
tenable — tp-link_archer	UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.	2020-11-21	not yet calculated	CVE-2020-5797 MISC
tobesoft — xplatform	Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://	2020-11-17	not yet calculated	CVE-2020-7841 MISC
tp-link — multiple_devices	Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.	2020-11-20	not yet calculated	CVE-2020-28877 MISC
tp-link — tl-wpa4220_devices	httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023	2020-11-18	not yet calculated	CVE-2020-24297 MISC MISC
tp-link — tl-wpa4220_devices	httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023	2020-11-18	not yet calculated	CVE-2020-28005 MISC MISC
trend_micro — apex_one	A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.	2020-11-18	not yet calculated	CVE-2020-28572 MISC
trend_micro — interscan_web_security_virtual_appliance	A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.	2020-11-18	not yet calculated	CVE-2020-28581 MISC MISC
trend_micro — interscan_web_security_virtual_appliance	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.	2020-11-18	not yet calculated	CVE-2020-28578 MISC MISC
trend_micro — interscan_web_security_virtual_appliance	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.	2020-11-18	not yet calculated	CVE-2020-28579 MISC MISC
trend_micro — interscan_web_security_virtual_appliance	A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.	2020-11-18	not yet calculated	CVE-2020-28580 MISC MISC
trend_micro — security_2020	Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.	2020-11-18	not yet calculated	CVE-2020-27697 MISC
trend_micro — security_2020	Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.	2020-11-18	not yet calculated	CVE-2020-27695 MISC
trend_micro — security_2020	Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.	2020-11-18	not yet calculated	CVE-2020-27696 MISC
trend_micro — worry-free_business_security	A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product’s management console.	2020-11-18	not yet calculated	CVE-2020-28574 MISC MISC
trusted_computing_group — trusted_platform_module_library_family	Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.	2020-11-18	not yet calculated	CVE-2020-26933 MISC CONFIRM
typ03 — typ03	An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved.	2020-11-18	not yet calculated	CVE-2020-28917 MISC
typo3 — fluid	TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, TagBuilder would not escape the keys. 2. ViewHelpers which used the CompileWithContentArgumentAndRenderStatic trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. 3. Subclasses of AbstractConditionViewHelper would receive the then and else arguments in unescaped format. Update to versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 or 2.6.10 of this typo3fluid/fluid package that fix the problem described. More details are available in the linked advisory.	2020-11-17	not yet calculated	CVE-2020-26216 MISC CONFIRM MISC
valve — game_networking_sockets	Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.	2020-11-18	not yet calculated	CVE-2020-6016 MISC
vmware — esxi	VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)	2020-11-20	not yet calculated	CVE-2020-4005 CONFIRM
vmware — multiple_products	VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.	2020-11-20	not yet calculated	CVE-2020-4004 CONFIRM
volkswagon — discover_media_infotainment_system	The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.	2020-11-16	not yet calculated	CVE-2020-28656 MISC
werkzeug — werkzeug	Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.	2020-11-18	not yet calculated	CVE-2020-28724 MISC MISC MISC
western_digital — inand_devices	Western Digital iNAND devices through 2020-06-03 allow Authentication Bypass via a capture-replay attack.	2020-11-18	not yet calculated	CVE-2020-13799 MISC CONFIRM
wordpress — wordpress	The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.	2020-11-16	not yet calculated	CVE-2020-28650 MISC
wordpress — wordpress	The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.	2020-11-16	not yet calculated	CVE-2020-28649 MISC MISC
xstream — xstream	XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream’s Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.	2020-11-16	not yet calculated	CVE-2020-26217 CONFIRM CONFIRM CONFIRM
y18n — y18n	This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require(‘y18n’)(); y18n.setLocale(‘__proto__’); y18n.updateLocale({polluted: true}); console.log(polluted); // true	2020-11-17	not yet calculated	CVE-2020-7774 MISC MISC MISC MISC
yzmcms — yzmcms	In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.	2020-11-19	not yet calculated	CVE-2020-22394 MISC
zte — multiple_devices	Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.	2020-11-19	not yet calculated	CVE-2020-6879 MISC

This product is provided subject to this Notification and this Privacy & Use policy.