Vulnerability Summary for the Week of November 16, 2020

Original release date: November 23, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
golang — go Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. 2020-11-18 7.5 CVE-2020-28367
MISC
CONFIRM
MLIST
MLIST
FEDORA
golang — go Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. 2020-11-18 7.5 CVE-2020-28366
MISC
CONFIRM
MLIST
FEDORA
jetbrains — toolbox JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. 2020-11-16 10 CVE-2020-25207
MISC
CONFIRM
riken — xoonips Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. 2020-11-16 7.5 CVE-2020-5664
MISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
chronoengine — chronoforums Chronoforums 2.0.11 allows stored XSS when a crafted payload is inserted into a post. If any user views the post, the inserted XSS code is executed. 2020-11-16 4.3 CVE-2020-27459
MISC
cmsuno_project — cmsuno An authenticated attacker can inject malicious code into the “lang” parameter of the /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, the attacker can take over control of the server. 2020-11-13 6.5 CVE-2020-25538
MISC
golang — go Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. 2020-11-18 5 CVE-2020-28362
CONFIRM
MLIST
FEDORA
intel — proset/wireless_wifi Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2020-11-13 5.8 CVE-2020-12313
MISC
ivanti — endpoint_manager LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. 2020-11-16 6.5 CVE-2020-13769
MISC
MISC
ivanti — endpoint_manager In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required. 2020-11-16 5 CVE-2020-13772
MISC
MISC
jetbrains — toolbox JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. 2020-11-16 5 CVE-2020-25013
MISC
CONFIRM
jetbrains — youtrack In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. 2020-11-16 5 CVE-2020-25210
MISC
CONFIRM
jetbrains — youtrack JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. 2020-11-16 5 CVE-2020-27626
MISC
CONFIRM
jetbrains — youtrack In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. 2020-11-16 5 CVE-2020-27625
MISC
jetbrains — youtrack JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. 2020-11-16 5 CVE-2020-27624
MISC
CONFIRM
jetbrains — youtrack In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. 2020-11-16 5 CVE-2020-25209
MISC
CONFIRM
microfocus — arcsight_logger Cross-Site Scripting vulnerability in the Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited, resulting in Cross-Site Scripting (XSS). 2020-11-17 4.3 CVE-2020-11860
CONFIRM
microfocus — arcsight_logger Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS). 2020-11-17 4.3 CVE-2020-25834
CONFIRM
netapp — hci Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. 2020-11-13 5 CVE-2020-8583
MISC
netapp — hci Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. 2020-11-13 4 CVE-2020-8582
MISC
pixar — openusd A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow. 2020-11-13 6.8 CVE-2020-6147
FULLDISC
MISC
pixar — openusd A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index. 2020-11-13 6.8 CVE-2020-6156
MISC
pixar — openusd A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. 2020-11-13 6.8 CVE-2020-6155
MISC
pixar — openusd A heap overflow vulnerability exists in Pixar OpenUSD 20.05 in USDC file format SPECS section decompression. 2020-11-13 6.8 CVE-2020-6150
MISC
pixar — openusd A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section. 2020-11-13 6.8 CVE-2020-6149
MISC
pixar — openusd A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow. 2020-11-13 6.8 CVE-2020-6148
MISC
postgresql — postgresql A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-11-16 6.5 CVE-2020-25695
MISC
MISC
postgresql — postgresql A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-11-16 6.8 CVE-2020-25694
MISC
MISC
riken — xoonips SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2020-11-16 6.5 CVE-2020-5659
MISC
MISC
riken — xoonips Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. 2020-11-16 4 CVE-2020-5663
MISC
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 stores sensitive information in the browser’s history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910. 2020-11-13 2.1 CVE-2020-4886
XF
CONFIRM
jetbrains — youtrack Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups. 2020-11-16 2.1 CVE-2020-24366
MISC
CONFIRM
microfocus — filr Reflected Cross-Site Scripting vulnerability in the Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform a Reflected XSS attack. 2020-11-17 3.5 CVE-2020-25832
CONFIRM
microfocus — idol Persistent Cross-Site Scripting vulnerability in the Micro Focus IDOL product, affecting all versions prior to version 12.7. The vulnerability could be exploited to perform a Persistent XSS attack. 2020-11-17 3.5 CVE-2020-25833
CONFIRM
nagios — nagios_xi Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). 2020-11-16 3.5 CVE-2020-27988
CONFIRM
nagios — nagios_xi Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). 2020-11-16 3.5 CVE-2020-27989
CONFIRM
nagios — nagios_xi Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). 2020-11-16 3.5 CVE-2020-27990
CONFIRM
nagios — nagios_xi Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). 2020-11-16 3.5 CVE-2020-27991
CONFIRM
riken — xoonips Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. 2020-11-16 3.5 CVE-2020-5662
MISC
MISC
salesagility — suitecrm SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. 2020-11-18 3.5 CVE-2020-14208
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
airleader — master_and_easy_devices
Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service. 2020-11-16 not yet calculated CVE-2020-26509
MISC
airleader — master_devices
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. 2020-11-16 not yet calculated CVE-2020-26510
MISC
amazon — amazon_web_services_encryption_sdk A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and JavaScript prior to version 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique ciphertext which will decrypt to multiple different results; this becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later. 2020-11-16 not yet calculated CVE-2020-8897
CONFIRM
CONFIRM
anuku — time_tracker
Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a Denial of Service attack on any legitimate user’s mailbox. 2020-11-16 not yet calculated CVE-2020-27423
MISC
anuku — time_tracker
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn’t expire once used, allowing an attacker to use the same link to take over the account. 2020-11-16 not yet calculated CVE-2020-27422
MISC
MISC
apache — libapreq2
A flaw in the libapreq2 v2.07 to v2.13 multipart parser can dereference a null pointer, leading to a process crash. A remote attacker could send a request causing a process crash, which could lead to a denial of service attack. 2020-11-19 not yet calculated CVE-2019-12412
MISC
MISC
apache — openoffice
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target user's file system. These hyperlinks can be triggered unconditionally. In fixed versions, no internal protocol may be called from the document event handler, and other hyperlinks require a control-click. 2020-11-17 not yet calculated CVE-2020-13958
MISC
archive_tar — archive_tar Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. 2020-11-19 not yet calculated CVE-2020-28949
MISC
archive_tar — archive_tar
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. 2020-11-19 not yet calculated CVE-2020-28948
MISC
artworks_gallery — artworks_gallery
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. 2020-11-17 not yet calculated CVE-2020-28688
MISC
MISC
artworks_gallery — artworks_gallery
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. 2020-11-17 not yet calculated CVE-2020-28687
MISC
MISC
avaya — weblm
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. 2020-11-13 not yet calculated CVE-2020-7032
MISC
FULLDISC
CONFIRM
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. 2020-11-17 not yet calculated CVE-2020-26550
MISC
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. 2020-11-17 not yet calculated CVE-2020-26548
MISC
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. 2020-11-17 not yet calculated CVE-2020-26549
MISC
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. 2020-11-17 not yet calculated CVE-2020-26551
MISC
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. 2020-11-17 not yet calculated CVE-2020-26552
MISC
aviatrix — cloud_controller
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. 2020-11-17 not yet calculated CVE-2020-26553
MISC
avid_cloud_solutions — cloudavid_pparam
Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. 2020-11-16 not yet calculated CVE-2020-28723
MISC
MISC
avideo — avideo
There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server, which could leak database credentials or other sensitive information such as the /etc/passwd file. 2020-11-16 not yet calculated CVE-2020-23490
MISC
MISC
avideo — avideo
The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin. 2020-11-16 not yet calculated CVE-2020-23489
MISC
MISC
basetech — ge-131-1837836_firmware
A directory traversal vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to gain access to sensitive information. 2020-11-17 not yet calculated CVE-2020-27553
MISC
basetech — ge-131-1837836_firmware
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. 2020-11-17 not yet calculated CVE-2020-27555
MISC
basetech — ge-131-1837836_firmware
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. 2020-11-17 not yet calculated CVE-2020-27558
MISC
basetech — ge-131-1837836_firmware
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials. 2020-11-17 not yet calculated CVE-2020-27557
MISC
basetech — ge-131-1837836_firmware
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. 2020-11-17 not yet calculated CVE-2020-27554
MISC
basetech — ge-131-1837836_firmware
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device. 2020-11-17 not yet calculated CVE-2020-27556
MISC
beckhoff_automation — twincat
The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist, it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account, he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default, Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added. 2020-11-19 not yet calculated CVE-2020-12510
CONFIRM
bejing_liangiing_zhicheng_technology — ltd_ljcmsshop
A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address. 2020-11-18 not yet calculated CVE-2020-22723
MISC
MISC
bernd_bestel — grocy
Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe. 2020-11-18 not yet calculated CVE-2020-25454
MISC
big-ip — big-ip_platforms
In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE). 2020-11-19 not yet calculated CVE-2020-5947
CONFIRM
bigbluebutton — bigbluebutton
In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. 2020-11-19 not yet calculated CVE-2020-28953
MISC
MISC
bigbluebutton — bigbluebutton
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. 2020-11-19 not yet calculated CVE-2020-28954
MISC
MISC
MISC
MISC
binarynights — forklift
BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift’s helper tool. 2020-11-17 not yet calculated CVE-2020-27192
MISC
binarynights — forklift
BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions. 2020-11-17 not yet calculated CVE-2020-15349
CONFIRM
MISC
canon — oce_colorwave_3500_devices
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. 2020-11-16 not yet calculated CVE-2020-26508
MISC
canonical — ubuntu_pulseaudio
Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. 2020-11-19 not yet calculated CVE-2020-15710
UBUNTU
UBUNTU
cisco — asyncos
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. 2020-11-18 not yet calculated CVE-2020-3367
CISCO
cisco — dna_spaces_connector
A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application, impacting the integrity or availability of the web-based management application. 2020-11-18 not yet calculated CVE-2020-3586
CISCO
cisco — expressway
A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access. 2020-11-18 not yet calculated CVE-2020-3482
CISCO
cisco — integrated_management_controller
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS). 2020-11-18 not yet calculated CVE-2020-3470
CISCO
cisco — iot_field_network_director A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system. 2020-11-18 not yet calculated CVE-2020-26080
CISCO
cisco — iot_field_network_director A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. 2020-11-18 not yet calculated CVE-2020-26078
CISCO
cisco — iot_field_network_director
Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system. 2020-11-18 not yet calculated CVE-2020-26081
CISCO
cisco — iot_field_network_director
A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device. 2020-11-18 not yet calculated CVE-2020-26079
CISCO
cisco — iot_field_network_director
A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system. 2020-11-18 not yet calculated CVE-2020-26077
CISCO
cisco — iot_field_network_director
A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device. 2020-11-18 not yet calculated CVE-2020-26076
CISCO
cisco — iot_field_network_director
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device. 2020-11-18 not yet calculated CVE-2020-26075
CISCO
cisco — iot_field_network_director
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. 2020-11-18 not yet calculated CVE-2020-26072
CISCO
cisco — iot_field_network_director
A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication. 2020-11-18 not yet calculated CVE-2020-3392
CISCO
cisco — iot_field_network_director
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information. 2020-11-18 not yet calculated CVE-2020-3531
CISCO
cisco — security_manager
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. 2020-11-17 not yet calculated CVE-2020-27125
CISCO
cisco — security_manager
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device. 2020-11-17 not yet calculated CVE-2020-27130
CISCO
cisco — security_manager
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities. 2020-11-17 not yet calculated CVE-2020-27131
CISCO
cisco — telepresence_ce_software_and_roomos_software
 
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users. 2020-11-18 not yet calculated CVE-2020-26068
CISCO
cisco — webex_meetings
 
A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user. 2020-11-18 not yet calculated CVE-2020-27126
CISCO
cisco — webex_meetings_and_webex_meetings_server
 
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled. 2020-11-18 not yet calculated CVE-2020-3471
CISCO
cisco — webex_meetings_and_webex_meetings_server
 
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby. 2020-11-18 not yet calculated CVE-2020-3441
CISCO
cisco — webex_meetings_server
 
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities. 2020-11-18 not yet calculated CVE-2020-3419
CISCO
citrix — sd-wan_center Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. 2020-11-16 not yet calculated CVE-2020-8273
MISC
citrix — sd-wan_center
 
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 2020-11-16 not yet calculated CVE-2020-8272
MISC
citrix — sd-wan_center
 
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 2020-11-16 not yet calculated CVE-2020-8271
MISC
citrix — virtual_apps_and_desktop
 
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 2020-11-16 not yet calculated CVE-2020-8269
MISC
citrix — virtual_apps_and_desktop
 
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342 2020-11-16 not yet calculated CVE-2020-8270
MISC
controlled-merge — controlled-merge
 
Prototype pollution vulnerability in ‘controlled-merge’ versions 1.0.0 through 1.2.0 allows an attacker to cause a denial of service and may lead to remote code execution. 2020-11-15 not yet calculated CVE-2020-28268
MISC
MISC
cxuucms — cxuucms
 
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter in search.php. 2020-11-18 not yet calculated CVE-2020-28091
MISC
CONFIRM
doc-path — doc-path
 
This affects the package doc-path before 2.1.2. 2020-11-15 not yet calculated CVE-2020-7772
CONFIRM
CONFIRM
CONFIRM
drupal — drupal
 
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74. 2020-11-20 not yet calculated CVE-2020-13671
CONFIRM
endress+hauser — ecograph_t
 
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic “tokens”. The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on. 2020-11-19 not yet calculated CVE-2020-12495
CONFIRM
endress+hauser — ecograph_t_and_memograph_m
 
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release uses a dynamic token for each request submitted to the server, which makes repeating requests and analysis fairly complex. Nevertheless, it is possible, and during the analysis it was discovered that the firmware also has an issue with the access-control matrix on the server side. It was found that a user with low rights can get information from endpoints that should not be available to this user. 2020-11-19 not yet calculated CVE-2020-12496
CONFIRM
fastadmin — fastadmin
 
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. 2020-11-17 not yet calculated CVE-2020-21665
MISC
firebase — util
 
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. 2020-11-16 not yet calculated CVE-2020-7765
CONFIRM
CONFIRM
CONFIRM
garmin — forerunner_235 Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This is a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. 2020-11-16 not yet calculated CVE-2020-27484
MISC
garmin — forerunner_235
 
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. A successful exploit could use the vulnerability to leak runtime information such as the heap handle or pointer for a number of TVM context variables. Some reachable values may be controlled enough to forge a TVM object on the stack, leading to possible remote code execution. 2020-11-16 not yet calculated CVE-2020-27483
MISC
garmin — forerunner_235
 
Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. 2020-11-16 not yet calculated CVE-2020-27486
MISC
garmin — forerunner_235
 
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation. It can be leveraged to construct a use-after-free scenario, leading to a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. 2020-11-16 not yet calculated CVE-2020-27485
MISC
genexis — platinum_4410_router
 
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action ‘X_GetAccess’ which leaks the credentials of ‘admin’, provided that the attacker is network adjacent. 2020-11-17 not yet calculated CVE-2020-25988
MISC
MISC
MISC
MISC
gila — gila_cms
 
In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function for executing PHP files. 2020-11-16 not yet calculated CVE-2020-28692
MISC
gitlab — ce/ee
 
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-26405
CONFIRM
MISC
MISC
gitlab — ce/ee An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows an attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-19 not yet calculated CVE-2020-13355
CONFIRM
MISC
MISC
gitlab — ce/ee

 

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who’s able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9. 2020-11-17 not yet calculated CVE-2020-13350
CONFIRM
MISC
MISC
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-19 not yet calculated CVE-2020-13356
CONFIRM
MISC
MISC
gitlab — ce/ee
 
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13358
CONFIRM
MISC
gitlab — ce/ee
 
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-19 not yet calculated CVE-2020-13359
CONFIRM
MISC
gitlab — ce/ee
 
A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9. 2020-11-17 not yet calculated CVE-2020-13354
CONFIRM
MISC
MISC
gitlab — ce/ee
 
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13351
CONFIRM
MISC
MISC
gitlab — ce/ee
 
Private group info is leaked in GitLab CE/EE version 10.2 and above when the project is moved from a private to a public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13352
CONFIRM
MISC
MISC
gitlab — ee

 

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path made the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13349
CONFIRM
MISC
gitlab — ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13348
CONFIRM
MISC
gitlab — ee
 
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-26406
CONFIRM
MISC
MISC
gitlab — gitaly
 
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. 2020-11-17 not yet calculated CVE-2020-13353
CONFIRM
MISC
hcl — domino
 
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. 2020-11-21 not yet calculated CVE-2020-14234
CONFIRM
hcl — domino
 
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. 2020-11-21 not yet calculated CVE-2020-14230
CONFIRM
hcl — notes
 
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected. 2020-11-21 not yet calculated CVE-2020-14258
CONFIRM
horizontcms — horizontcms An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> 2020-11-16 not yet calculated CVE-2020-28693
MISC
MISC
ibm — business_automation_workflow
 
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. 2020-11-16 not yet calculated CVE-2020-4672
XF
CONFIRM
ibm — db2
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. 2020-11-19 not yet calculated CVE-2020-4701
XF
CONFIRM
ibm — db2_accessories_suite
 
IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149. 2020-11-20 not yet calculated CVE-2020-4739
XF
CONFIRM
ibm — jazz_reporting_service
 
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731. 2020-11-19 not yet calculated CVE-2020-4718
XF
CONFIRM
ibm — mq_appliance
 
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. 2020-11-18 not yet calculated CVE-2020-4592
XF
CONFIRM
ibm — power9
 
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. 2020-11-20 not yet calculated CVE-2020-4788
MLIST
MLIST
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780. 2020-11-16 not yet calculated CVE-2020-4692
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077. 2020-11-16 not yet calculated CVE-2020-4700
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083. 2020-11-16 not yet calculated CVE-2020-4566
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091. 2020-11-16 not yet calculated CVE-2020-4655
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190. 2020-11-16 not yet calculated CVE-2020-4705
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 186284. 2020-11-16 not yet calculated CVE-2020-4671
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. 2020-11-16 not yet calculated CVE-2020-4475
XF
CONFIRM
ibm — sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. 2020-11-20 not yet calculated CVE-2020-4937
XF
CONFIRM
ibm — sterling_file_gateway
 
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897. 2020-11-16 not yet calculated CVE-2020-4763
XF
CONFIRM
ibm — sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. 2020-11-16 not yet calculated CVE-2020-4647
XF
CONFIRM
ibm — sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. 2020-11-16 not yet calculated CVE-2020-4476
XF
CONFIRM
ibm — sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280. 2020-11-16 not yet calculated CVE-2020-4665
XF
CONFIRM
imagemagick — imagemagick
 
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. 2020-11-20 not yet calculated CVE-2020-19667
MISC
infinitewp — admin_panel
 
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. 2020-11-16 not yet calculated CVE-2020-28642
MISC
influxdata — influxdb
 
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). 2020-11-19 not yet calculated CVE-2019-20933
MISC
MISC
MISC
ivanti — endpoint_manager
 
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx. 2020-11-16 not yet calculated CVE-2020-13773
MISC
MISC
jamodat — tsmmanager_collector
 
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector’s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances’ consoles, accessing hardware configurations, etc. Exploiting this vulnerability won’t grant an attacker access to or control of remote ISP servers, as no credentials are sent with the request. 2020-11-19 not yet calculated CVE-2020-28054
MISC
MISC
MISC
jetbrains — ideavim JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. 2020-11-16 not yet calculated CVE-2020-27623
MISC
CONFIRM
jetbrains — intellij_idea
 
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. 2020-11-16 not yet calculated CVE-2020-27622
MISC
CONFIRM
jetbrains — ktor
 
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. 2020-11-16 not yet calculated CVE-2020-26129
MISC
CONFIRM
jetbrains — teamcity
 
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be left unmasked in depending builds when there are no internal artifacts. 2020-11-16 not yet calculated CVE-2020-27629
MISC
CONFIRM
jetbrains — teamcity
 
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. 2020-11-16 not yet calculated CVE-2020-27627
MISC
CONFIRM
jetbrains — teamcity
 
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. 2020-11-16 not yet calculated CVE-2020-27628
MISC
CONFIRM
jupyter — notebook
 
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. 2020-11-18 not yet calculated CVE-2020-26215
MISC
CONFIRM
kaa — iot_platform
 
Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter. 2020-11-17 not yet calculated CVE-2020-26701
MISC
kamailio — kamailio
 
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow a skilled attacker with a valid credential in the system to disrupt internal call start/duration accounting mechanisms, potentially leading to a loss of revenue. 2020-11-18 not yet calculated CVE-2020-28361
MISC
MISC
kata — containers
 
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only. 2020-11-17 not yet calculated CVE-2020-28914
MISC
MISC
MISC
MISC
MISC
kyocera — ecosys_m2640idw_printers
 
The web application of the Kyocera printer (ECOSYS M2640IDW) is affected by a Stored XSS vulnerability, discovered in the addition of a new contact in “Machine Address Book”. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. 2020-11-17 not yet calculated CVE-2020-25890
MISC
lemoncms — lemoncms
 
app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload executable files. 2020-11-18 not yet calculated CVE-2020-25406
MISC
libsixel — libsixel
 
Unverified indexes into the array lead to out-of-bounds access in the gif_out_code function in fromgif.c in libsixel 1.8.6. 2020-11-20 not yet calculated CVE-2020-19668
MISC
libsvm — scikit-learn
 
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. 2020-11-21 not yet calculated CVE-2020-28975
MISC
MISC
libuci — openwrt
 
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c. 2020-11-19 not yet calculated CVE-2020-28951
MISC
MISC
MISC
libvips — libvips
 
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. 2020-11-20 not yet calculated CVE-2020-20739
MISC
MISC
limesurvey — limesurvey
 
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute is being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser. 2020-11-17 not yet calculated CVE-2020-25798
MISC
MISC

linux — linux_kernel

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. 2020-11-20 not yet calculated CVE-2020-28974
MISC
MISC
MISC
linux — linux_kernel
 
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. 2020-11-18 not yet calculated CVE-2020-28915
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A flaw was found in the way the Linux kernel limits reply ICMP packets that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue. 2020-11-17 not yet calculated CVE-2020-25705
MISC
linux — linux_kernel
 
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. 2020-11-19 not yet calculated CVE-2020-28941
MLIST
MISC
MISC
MISC
MISC
lionwiki — lionwiki
 
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via a crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-11-16 not yet calculated CVE-2020-27191
MISC
MISC
markdown-it-highlightjs — markdown-it-highlightjs
 
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs inline code highlighting feature. `const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const reuslt_xss = md().use(markdownItHighlightjs, { inline: true }).render('console.log(42){.">js}'); console.log(reuslt_xss);` 2020-11-16 not yet calculated CVE-2020-7773
CONFIRM
CONFIRM
CONFIRM
melsec — iq-r_series_cpu_modules
 
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from ’05’ to ’19’ and R04/08/16/32/120(EN)CPU Firmware versions from ’35’ to ’51’) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. 2020-11-16 not yet calculated CVE-2020-5666
MISC
MISC
MISC
MISC
melsec — iq-r_series_cpu_modules
 
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version ’19’ and earlier, R04/08/16/32/120 (EN) CPU firmware version ’51’ and earlier, R08/16/32/120SFCPU firmware version ’22’ and earlier, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions, RJ71EN71 firmware version ’47’ and earlier, RJ71GF11-T2 firmware version ’47’ and earlier, RJ72GF15-T2 firmware version ’07’ and earlier, RJ71GP21-SX firmware version ’47’ and earlier, RJ71GP21S-SX firmware version ’47’ and earlier, RJ71C24 (-R2/R4) all versions, and RJ71GN11-T2 all versions) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the module by a specially crafted SLMP packet 2020-11-20 not yet calculated CVE-2020-5668
MISC
MISC
MISC
MISC
mercedes-benz — hermes
 
An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information. 2020-11-16 not yet calculated CVE-2019-19562
MISC
MISC
mercedes-benz — hermes
 
A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. 2020-11-16 not yet calculated CVE-2019-19563
MISC
MISC
mercedes-benz — hermes
 
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information. 2020-11-16 not yet calculated CVE-2019-19556
MISC
MISC
mercedes-benz — hermes
 
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information. 2020-11-16 not yet calculated CVE-2019-19561
MISC
MISC
mercedes-benz — hermes
 
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. 2020-11-16 not yet calculated CVE-2019-19560
MISC
MISC
mercedes-benz — hermes
 
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. 2020-11-16 not yet calculated CVE-2019-19557
MISC
MISC
micro_focus — arcsight_logger
 
Arbitrary code execution vulnerability in the Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code. 2020-11-17 not yet calculated CVE-2020-11851
CONFIRM
misp — misp
 
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled. 2020-11-19 not yet calculated CVE-2020-28947
MISC
moodle — moodle

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. 2020-11-19 not yet calculated CVE-2020-25699
MISC
MISC
moodle — moodle
 
In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10. 2020-11-19 not yet calculated CVE-2020-25700
MISC
MISC
moodle — moodle
 
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. 2020-11-19 not yet calculated CVE-2020-25701
MISC
MISC
moodle — moodle
 
The participants table download in Moodle always included user emails, but should have only done so when users’ emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10. 2020-11-19 not yet calculated CVE-2020-25703
MISC
MISC
moodle — moodle
 
Users’ enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. 2020-11-19 not yet calculated CVE-2020-25698
MISC
MISC
moodle — moodle
 
In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10. 2020-11-19 not yet calculated CVE-2020-25702
MISC
MISC
nagios — nagios_xi
 
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. 2020-11-16 not yet calculated CVE-2020-28648
MISC
netiq — identity_manager
 
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 is affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. 2020-11-20 not yet calculated CVE-2020-25839
CONFIRM
netis — korea_d’live_ap
 
Improper Input validation vulnerability exists in Netis Korea D’live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D’live set-top box AP(WF2429TB) v1.1.10. 2020-11-20 not yet calculated CVE-2020-7842
CONFIRM
netskope — netskope
 
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin’s portal, leading to compromise of the admin’s system. 2020-11-20 not yet calculated CVE-2020-28845
MISC
nextcloud — server
 
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. 2020-11-16 not yet calculated CVE-2020-8152
MISC
MISC
nextcloud — social
 
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. 2020-11-19 not yet calculated CVE-2020-8279
MISC
CONFIRM
nextcloud — social
 
Improper access control in Nextcloud Social app version 0.3.1 allowed reading the posts of any user. 2020-11-19 not yet calculated CVE-2020-8278
MISC
CONFIRM
nextcloud — server
 
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. 2020-11-16 not yet calculated CVE-2020-8259
MISC
MISC
node — node.js
 
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. 2020-11-19 not yet calculated CVE-2020-8277
MISC
CONFIRM
oppo_security — com.coloros.codebook
 
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. 2020-11-19 not yet calculated CVE-2020-11829
CONFIRM
oppo_security — com.coloros.codebook
 
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1. 2020-11-19 not yet calculated CVE-2020-11831
CONFIRM
oppo_security — com.coloros.codebook
 
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0. 2020-11-19 not yet calculated CVE-2020-11830
CONFIRM
paradox — ip150
 
The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). 2020-11-21 not yet calculated CVE-2020-25189
MISC
paradox — ip150
 
The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). 2020-11-21 not yet calculated CVE-2020-25185
MISC
pdfresurrect — pdfresurrect
 
In PDFResurrect before 0.20, a lack of header validation checks causes a heap-buffer-overflow in pdf_get_version(). 2020-11-20 not yet calculated CVE-2020-20740
MISC
MISC
pescms — pescms_team
 
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id= 2020-11-17 not yet calculated CVE-2020-28092
MISC
MISC
phpgurukul — user_registration_and_login_and_user_management_system
 
Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. 2020-11-18 not yet calculated CVE-2020-24723
MISC
MISC
phpgurukul — user_registration_and_login_user_management_system
 
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. 2020-11-16 not yet calculated CVE-2020-25952
MISC
MISC
MISC
planet_technology — corp_nvr-915_and_nvr-1615_products
 
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-11-18 not yet calculated CVE-2020-26097
MISC
prestashop — prestashop
 
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9. 2020-11-16 not yet calculated CVE-2020-26224
MISC
CONFIRM
prestashop — product_comments
 
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users’ web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0. 2020-11-16 not yet calculated CVE-2020-26225
MISC
CONFIRM
primekey — ejbca
 
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA’s domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA. 2020-11-19 not yet calculated CVE-2020-28942
MISC
pritunl — electron_client
 
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected system with root privileges. 2020-11-19 not yet calculated CVE-2020-25989
CONFIRM
MISC
progress — moveit_transfer
 
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim’s browser (XSS). 2020-11-17 not yet calculated CVE-2020-28647
CONFIRM
MISC
qnap — qts
 
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. 2020-11-16 not yet calculated CVE-2020-2490
CONFIRM
qnap — qts
 
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. 2020-11-16 not yet calculated CVE-2020-2492
CONFIRM
rclone — rclone
 
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the second at which rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed. 2020-11-19 not yet calculated CVE-2020-28924
MISC
MISC
red_hat — jboss_keycloak
 
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. 2020-11-17 not yet calculated CVE-2020-10776
MISC
red_hat — jboss_keycloak
 
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. 2020-11-17 not yet calculated CVE-2020-14389
MISC
red_hat — xpdf
 
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes a `heap-use-after-free` problem. The code of a previous fix for nested Type 3 characters wasn’t correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. 2020-11-21 not yet calculated CVE-2020-25725
CONFIRM
MISC
reddoxx — maildepot_2033
 
REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message. 2020-11-18 not yet calculated CVE-2020-26554
MISC
MISC
resourcexpress — qubi3_devices
 
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility. 2020-11-17 not yet calculated CVE-2020-25746
CONFIRM
MISC
rsa — archer
 
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application. 2020-11-18 not yet calculated CVE-2020-26884
CONFIRM
schneider_electric — easergy_t300
 
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. 2020-11-19 not yet calculated CVE-2020-7561
MISC
schneider_electric — ecostruxure_building_operation_enterprise_server
 
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 – V3.1 and Enterprise Central installer V2.0 – V3.1 that could allow any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central are always installed at a location requiring Administrator privileges, so the vulnerability is only valid if the application has been installed in a non-secure location. 2020-11-19 not yet calculated CVE-2020-28209
MISC
schneider_electric — ecostruxure_building_operation_webreports

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow an authenticated remote user to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, or server-side request forgery due to improper configuration of the XML parser. 2020-11-19 not yet calculated CVE-2020-7572
MISC
schneider_electric — ecostruxure_building_operation_webreports
 
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow an authenticated remote user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a stored Cross-Site Scripting attack against other WebReport users. 2020-11-19 not yet calculated CVE-2020-7570
MISC
schneider_electric — ecostruxure_building_operation_webreports
 
A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow an authenticated remote user to upload arbitrary files due to incorrect verification of user-supplied files and achieve remote code execution. 2020-11-19 not yet calculated CVE-2020-7569
MISC
schneider_electric — ecostruxure_building_operation_webreports
 
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users. 2020-11-19 not yet calculated CVE-2020-7571
MISC
schneider_electric — ecostruxure_building_operation_webreports
 
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow a remote attacker to access restricted web resources due to improper access control. 2020-11-19 not yet calculated CVE-2020-7573
MISC
schneider_electric — ecostruxure_building_operation_webstation
 
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 – V3.1 that could cause an attacker to inject HTML and JavaScript code into the user’s browser. 2020-11-19 not yet calculated CVE-2020-28210
MISC
schneider_electric — ecostruxure_control_expert

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. 2020-11-19 not yet calculated CVE-2020-28213
MISC
schneider_electric — ecostruxure_control_expert
 
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus. 2020-11-19 not yet calculated CVE-2020-28212
MISC
schneider_electric — ecostruxure_control_expert
 
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger. 2020-11-19 not yet calculated CVE-2020-28211
MISC
schneider_electric — ecostruxure_control_expert
 
A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus. 2020-11-19 not yet calculated CVE-2020-7559
MISC
schneider_electric — ecostruxure_operator_terminal_expert
 
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxure™ Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxure™ Operator Terminal Expert. 2020-11-19 not yet calculated CVE-2020-7544
MISC
schneider_electric — igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7556
MISC
schneider_electric — igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7558
MISC
schneider_electric — igss_definition
 
A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7557
MISC
schneider_electric — igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7555
MISC
schneider_electric — igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7550
MISC
schneider_electric — igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7551
MISC
schneider_electric — igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7552
MISC
schneider_electric — igss_definition
 
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7554
MISC
schneider_electric — igss_definition
 
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2020-11-19 not yet calculated CVE-2020-7553
MISC
schneider_electric — modicon_m221

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller and broken the encryption keys. 2020-11-19 not yet calculated CVE-2020-7567
MISC
schneider_electric — modicon_m221
 
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. 2020-11-19 not yet calculated CVE-2020-7566
MISC
schneider_electric — modicon_m221
 
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. 2020-11-19 not yet calculated CVE-2020-7565
MISC
schneider_electric — modicon_m221
 
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. 2020-11-19 not yet calculated CVE-2020-7568
MISC
schneider_electric — multiple_products

A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP. 2020-11-18 not yet calculated CVE-2020-7564
MISC
schneider_electric — multiple_products
 
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP. 2020-11-18 not yet calculated CVE-2020-7562
MISC
schneider_electric — multiple_products
 
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. 2020-11-18 not yet calculated CVE-2020-7563
MISC
schneider_electric — plc_simulator_on_ecostruxure_control_expert
 
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus. 2020-11-19 not yet calculated CVE-2020-7538
MISC
scratchverifier — scratchverifier
 
In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else’s account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and is given the same verification code. 3. User comments code as part of their normal login. 4. Before user can, attacker completes the login process now that the code is commented. 5. User gets a failed login and attacker now has control of the account. Since commit a603769 starting a login twice will generate different verification codes, causing both user and attacker login to fail. For clients that rely on a clone of ScratchVerifier not hosted by the developers, their users may attempt to finish the login process as soon as possible after commenting the code. There is no reliable way for the attacker to know before the user can finish the process that the user has commented the code, so this vulnerability only really affects those who comment the code and then take several seconds before finishing the login. 2020-11-20 not yet calculated CVE-2020-26236
MISC
CONFIRM
semantic-release — semantic-release
 
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3. 2020-11-18 not yet calculated CVE-2020-26226
MISC
CONFIRM
sensormatics_electronics — american_dynamics_victor_web_client_and_software_house_c.cure_web_client
 
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack. 2020-11-19 not yet calculated CVE-2020-9049
CERT
CONFIRM
sokrates — sowa
 
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter. 2020-11-19 not yet calculated CVE-2020-28350
MISC
sourcecodester — gym_management_system
 
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields ‘Package Name’ and ‘Description’. 2020-11-17 not yet calculated CVE-2020-28129
MISC
MISC
sourcecodester — online_clothing_store
 
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. 2020-11-17 not yet calculated CVE-2020-28138
MISC
MISC
sourcecodester — online_clothing_store
 
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. 2020-11-17 not yet calculated CVE-2020-28140
MISC
MISC
sourcecodester — online_clothing_store
 
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via an Offer Detail field in offer.php. 2020-11-17 not yet calculated CVE-2020-28139
MISC
MISC
sourcecodester — online_library_management_system
 
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). 2020-11-17 not yet calculated CVE-2020-28130
MISC
MISC
sourcecodester — simple_grocery_store_sales_and_inventory_system
 
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php. 2020-11-17 not yet calculated CVE-2020-28133
MISC
MISC
sourcecodester — tourism_management_system
 
An Arbitrary File Upload discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page. 2020-11-17 not yet calculated CVE-2020-28136
MISC
MISC
sourcecodester — water_billing_system
 
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. 2020-11-17 not yet calculated CVE-2020-28183
MISC
MISC
MISC
suitecrm — suitecrm SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. 2020-11-18 not yet calculated CVE-2020-15300
MISC
suitecrm — suitecrm
 
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation. 2020-11-18 not yet calculated CVE-2020-15301
MISC
symantec — endpoint_detection_and_response
 
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. 2020-11-18 not yet calculated CVE-2020-12593
CONFIRM
taskcafe — project_management_tool
 
Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allow remote attackers to access sensitive data such as the access token. 2020-11-17 not yet calculated CVE-2020-25400
MISC
tenable — tp-link_archer
 
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. 2020-11-21 not yet calculated CVE-2020-5797
MISC
tobesoft — xplatform
 
An improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string begins with http://, https://, mailto:// 2020-11-17 not yet calculated CVE-2020-7841
MISC
tp-link — multiple_devices
 
Buffer overflow in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. 2020-11-20 not yet calculated CVE-2020-28877
MISC
tp-link — tl-wpa4220_devices
 
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023 2020-11-18 not yet calculated CVE-2020-24297
MISC
MISC
tp-link — tl-wpa4220_devices
 
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 2020-11-18 not yet calculated CVE-2020-28005
MISC
MISC
trend_micro — apex_one
 
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. 2020-11-18 not yet calculated CVE-2020-28572
MISC
trend_micro — interscan_web_security_virtual_appliance A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. 2020-11-18 not yet calculated CVE-2020-28581
MISC
MISC
trend_micro — interscan_web_security_virtual_appliance
 
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. 2020-11-18 not yet calculated CVE-2020-28578
MISC
MISC
trend_micro — interscan_web_security_virtual_appliance
 
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. 2020-11-18 not yet calculated CVE-2020-28579
MISC
MISC
trend_micro — interscan_web_security_virtual_appliance
 
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. 2020-11-18 not yet calculated CVE-2020-28580
MISC
MISC
trend_micro — security_2020 Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. 2020-11-18 not yet calculated CVE-2020-27697
MISC
trend_micro — security_2020
 
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. 2020-11-18 not yet calculated CVE-2020-27695
MISC
trend_micro — security_2020
 
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. 2020-11-18 not yet calculated CVE-2020-27696
MISC
trend_micro — worry-free_business_security
 
An unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product’s management console. 2020-11-18 not yet calculated CVE-2020-28574
MISC
MISC
trusted_computing_group — trusted_platform_module_library_family
 
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack. 2020-11-18 not yet calculated CVE-2020-26933
MISC
CONFIRM
typo3 — typo3
 
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved. 2020-11-18 not yet calculated CVE-2020-28917
MISC
typo3 — fluid
 
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, TagBuilder would not escape the keys. 2. ViewHelpers which used the CompileWithContentArgumentAndRenderStatic trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. 3. Subclasses of AbstractConditionViewHelper would receive the then and else arguments in unescaped format. Update to versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 or 2.6.10 of this typo3fluid/fluid package that fix the problem described. More details are available in the linked advisory. 2020-11-17 not yet calculated CVE-2020-26216
MISC
CONFIRM
MISC
valve — game_networking_sockets
 
Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution. 2020-11-18 not yet calculated CVE-2020-6016
MISC
vmware — esxi
 
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004). 2020-11-20 not yet calculated CVE-2020-4005
CONFIRM
vmware — multiple_products
 
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. 2020-11-20 not yet calculated CVE-2020-4004
CONFIRM
volkswagen — discover_media_infotainment_system
 
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root. 2020-11-16 not yet calculated CVE-2020-28656
MISC
werkzeug — werkzeug
 
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. 2020-11-18 not yet calculated CVE-2020-28724
MISC
MISC
MISC
western_digital — inand_devices
 
Western Digital iNAND devices through 2020-06-03 allow Authentication Bypass via a capture-replay attack. 2020-11-18 not yet calculated CVE-2020-13799
MISC
CONFIRM
wordpress — wordpress
 
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. 2020-11-16 not yet calculated CVE-2020-28650
MISC
wordpress — wordpress
 
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. 2020-11-16 not yet calculated CVE-2020-28649
MISC
MISC
xstream — xstream
 
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream’s Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. 2020-11-16 not yet calculated CVE-2020-26217
CONFIRM
CONFIRM
CONFIRM
y18n — y18n
 
This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true 2020-11-17 not yet calculated CVE-2020-7774
MISC
MISC
MISC
MISC
yzmcms — yzmcms
 
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability. 2020-11-19 not yet calculated CVE-2020-22394
MISC
zte — multiple_devices
 
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The web service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper with parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2. 2020-11-19 not yet calculated CVE-2020-6879
MISC


This product is provided subject to this Notification and this Privacy & Use policy.
