Original release date: November 30, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
---|---|---|---|---
cdata — 72408a_firmware | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration. | 2020-11-24 | 10 | CVE-2020-29056 MISC
cdata — 72408a_firmware | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a “shawarma” attack. | 2020-11-24 | 7.8 | CVE-2020-29057 MISC
cdata — 72408a_firmware | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware. | 2020-11-24 | 7.5 | CVE-2020-29059 MISC
cdata — 72408a_firmware | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account. | 2020-11-24 | 7.5 | CVE-2020-29060 MISC
cdata — 72408a_firmware | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account. | 2020-11-24 | 7.5 | CVE-2020-29061 MISC
cdata — 72408a_firmware | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account. | 2020-11-24 | 7.5 | CVE-2020-29062 MISC
craftercms — crafter_cms | In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE. | 2020-11-27 | 7.5 | CVE-2017-15681 MISC MISC
ibm — spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454. | 2020-11-23 | 7.5 | CVE-2020-4854 XF CONFIRM
newsscriptphp — news_script_php_pro | SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. | 2020-11-24 | 7.5 | CVE-2020-25475 MISC MISC
pcanalyser — pc_analyser | An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. | 2020-11-27 | 7.2 | CVE-2020-28921 MISC MISC MISC
pcanalyser — pc_analyser | An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges. | 2020-11-27 | 7.2 | CVE-2020-28922 MISC MISC MISC
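The Crafter Studio entry above (CVE-2017-15681) is a file-write directory traversal: a user-controlled path is joined onto a server directory and the result is written without checking that it still lies inside that directory. The following is an added example, not Crafter's code, showing the naive join beside a containment check that resolves the candidate path and compares it against the resolved root. The root directory, payload and function names are illustrative; the check assumes a POSIX filesystem.

```python
"""Added example (not Crafter CMS code): naive path join versus a resolved
containment check. Root, payload and names are illustrative."""
import os
import tempfile


def vulnerable_join(root: str, user_path: str) -> str:
    """Naive concatenation. '../' segments walk out of root, and an absolute
    user_path makes os.path.join discard root entirely."""
    return os.path.join(root, user_path)


def safe_join(root: str, user_path: str) -> str:
    """Resolve the candidate (symlinks included) and require that it is still
    inside the resolved root. Raises ValueError otherwise."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    # Force the user-supplied part to be relative so it cannot replace root.
    rel = user_path.lstrip("/\\")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, rel))
    # commonpath is a path-aware containment test: '/srv/uploads' does not
    # contain '/srv/uploads-private', even though str.startswith() says it does.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes root: {user_path!r}")
    return candidate


def escapes_root(root: str, path: str) -> bool:
    """True if the resolved path lies outside the resolved root."""
    root_real = os.path.realpath(root)
    return os.path.commonpath([root_real, os.path.realpath(path)]) != root_real


def demo() -> dict:
    """Exercise both joins against a throwaway root (constructed input)."""
    with tempfile.TemporaryDirectory() as root:
        attack = "../" * 8 + "etc/cron.d/backdoor"  # constructed traversal payload
        naive = vulnerable_join(root, attack)
        result = {"naive_escapes": escapes_root(root, naive)}
        try:
            safe_join(root, attack)
            result["safe_blocked"] = False
        except ValueError:
            result["safe_blocked"] = True
        legit = safe_join(root, "static/logo.png")
        expected = os.path.join(os.path.realpath(root), "static", "logo.png")
        result["safe_allows_legit"] = legit == expected
        # An absolute user path is treated as relative to root, not honoured.
        result["absolute_is_contained"] = not escapes_root(root, safe_join(root, "/etc/passwd"))
        return result


if __name__ == "__main__":
    print(demo())
```

The realpath step matters for the write case: a symlink inside the upload directory that points at /etc would pass a purely lexical check, and a candidate that resolves outside the root is rejected regardless of how the request spelled it (the web layer is assumed to have URL-decoded the path before this check runs).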
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
---|---|---|---|---
bigbluebutton — bigbluebutton | An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code. | 2020-11-26 | 4.3 | CVE-2020-29042 MISC MISC MISC
bigbluebutton — bigbluebutton | An issue was discovered in BigBlueButton through 2.2.29. When an attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name. | 2020-11-26 | 5 | CVE-2020-29043 MISC MISC MISC
cdata — 72408a_firmware | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests. | 2020-11-24 | 5 | CVE-2020-29058 MISC
cdata — 72408a_firmware | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It does not support SSL/TLS for HTTP, nor SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance. | 2020-11-24 | 4.3 | CVE-2020-29055 MISC
cdata — 72408a_firmware | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g value. | 2020-11-24 | 5 | CVE-2020-29063 MISC
cdata — 72408a_firmware | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use “show system infor” to discover cleartext TELNET credentials. | 2020-11-24 | 5 | CVE-2020-29054 MISC
craftercms — crafter_cms | Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system. | 2020-11-27 | 5 | CVE-2017-15684 MISC MISC
craftercms — crafter_cms | Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. | 2020-11-27 | 5 | CVE-2017-15685 MISC MISC
craftercms — crafter_cms | In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. | 2020-11-27 | 5 | CVE-2017-15683 MISC MISC
craftercms — crafter_cms | In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel. | 2020-11-27 | 4.3 | CVE-2017-15682 MISC MISC
craftercms — crafter_cms | Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies. | 2020-11-27 | 4.3 | CVE-2017-15686 MISC
craftercms — crafter_cms | In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data. | 2020-11-27 | 6.4 | CVE-2017-15680 MISC MISC
glpi-project — glpi | In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.). | 2020-11-26 | 4 | CVE-2020-27663 MISC
glpi-project — glpi | In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.). | 2020-11-26 | 4 | CVE-2020-27662 MISC
hrsale — hrsale | HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter. | 2020-11-24 | 4.3 | CVE-2020-29053 MISC MISC
ibm — spectrum_control | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214. | 2020-11-23 | 4.3 | CVE-2020-4783 XF CONFIRM
ibm — spectrum_protect_operations_center | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10 and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993. | 2020-11-23 | 5 | CVE-2020-4771 XF CONFIRM
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. | 2020-11-20 | 5 | CVE-2020-4937 XF CONFIRM
mongodb — mongodb | A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13. | 2020-11-23 | 4 | CVE-2018-20804 CONFIRM
mongodb — mongodb | A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected. | 2020-11-23 | 4 | CVE-2020-7926 CONFIRM
mongodb — mongodb | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3. | 2020-11-23 | 4 | CVE-2018-20802 CONFIRM
mongodb — mongodb | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20. | 2020-11-23 | 4 | CVE-2019-2392 CONFIRM
mongodb — mongodb | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. | 2020-11-23 | 4 | CVE-2018-20805 CONFIRM
mongodb — mongodb | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine’s internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7. | 2020-11-23 | 4 | CVE-2019-20923 CONFIRM
mongodb — mongodb | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2. | 2020-11-23 | 4 | CVE-2019-20924 CONFIRM
mongodb — mongodb | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15. | 2020-11-23 | 4 | CVE-2019-2393 CONFIRM
newsscriptphp — news_script_php_pro | SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter. | 2020-11-24 | 4.3 | CVE-2020-25474 MISC MISC MISC
newsscriptphp — news_script_php_pro | SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users. | 2020-11-24 | 4.3 | CVE-2020-25472 MISC MISC MISC
tianocore — edk2 | Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. | 2020-11-23 | 5.2 | CVE-2019-14586 MISC
tianocore — edk2 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-11-23 | 4.6 | CVE-2019-14575 MISC
tianocore — edk2 | Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. | 2020-11-23 | 4 | CVE-2019-14553 MISC
tianocore — edk2 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | 2020-11-23 | 4.6 | CVE-2019-14563 MISC
tianocore — edk2 | Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. | 2020-11-23 | 5 | CVE-2019-14559 MISC
v-secure — jingyun_antivirus | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020. | 2020-11-23 | 4.6 | CVE-2018-16723 MISC MISC
v-secure — jingyun_antivirus | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305. | 2020-11-23 | 4.6 | CVE-2018-16722 MISC MISC
v-secure — jingyun_antivirus | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306. | 2020-11-23 | 4.6 | CVE-2018-16721 MISC MISC
v-secure — jingyun_antivirus | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304. | 2020-11-23 | 4.6 | CVE-2018-16720 MISC MISC
v-secure — jingyun_antivirus | In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482. | 2020-11-23 | 4.6 | CVE-2018-16719 MISC MISC
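The CDATA entry CVE-2020-29063 in the table above describes password "encryption" that is a plain XOR against a hardcoded value. The following added example (not CDATA firmware code) shows why that is reversible by anyone who has the firmware image, and why a single known password leaks key material that decrypts every other stored password. The key is the one quoted in the advisory; the assumption that it is cycled over the password bytes and that the stored blob is the raw XOR output is this example's, since the advisory does not give the exact framing. The password values and the second stored blob are constructed.

```python
"""Added example, not CDATA firmware code: XOR with a hardcoded key is not
encryption. Cycling the key and raw-bytes output are assumed framing."""
from itertools import cycle

# Hardcoded value quoted in the CVE-2020-29063 description.
HARDCODED_KEY = b"*j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g"


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data against key, cycling the key (assumed framing). XOR is its own
    inverse, so this one function is both the 'encrypt' and the 'decrypt'."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def recover_key_material(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Known-plaintext attack: key = plaintext XOR ciphertext, byte for byte.
    One (password, stored blob) pair leaks as many key bytes as the password
    is long; a pair at least as long as the key leaks the whole key."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("known pair must have equal lengths")
    return bytes(p ^ c for p, c in zip(plaintext, ciphertext))


def decrypt_with_recovered(ciphertext: bytes, recovered: bytes) -> bytes:
    """Decrypt another stored blob using only the recovered key bytes; refuses
    rather than guessing when the blob is longer than the material in hand."""
    if len(ciphertext) > len(recovered):
        raise ValueError("not enough recovered key material")
    return bytes(c ^ k for c, k in zip(ciphertext, recovered))


def demo() -> dict:
    """Constructed scenario: the default root password from the sister entry
    CVE-2020-29061 (root126) is the known plaintext; the second blob stands
    for another account's password stored by the same firmware."""
    stored_root = xor_with_key(b"root126", HARDCODED_KEY)
    stored_other = xor_with_key(b"Hunter2", HARDCODED_KEY)  # constructed value
    recovered = recover_key_material(b"root126", stored_root)
    return {
        "roundtrip_ok": xor_with_key(stored_root, HARDCODED_KEY) == b"root126",
        "recovered_matches_key": recovered == HARDCODED_KEY[: len(recovered)],
        "other_password": decrypt_with_recovered(stored_other, recovered),
    }


if __name__ == "__main__":
    print(demo())
```

Two properties follow directly from the construction: the key is a constant baked into every unit, so extracting it once from any firmware image decrypts the configuration of every device of that family; and even without the firmware, XOR of two stored blobs equals XOR of the two plaintexts, so a single known default password (the table lists several) unmasks the others. Stored credentials should be verified with a salted, slow password hash rather than decrypted at all; where a device must recover a secret (for example to authenticate upstream), the secret should be wrapped with a per-device key held outside the firmware image.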
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
---|---|---|---|---
oscommerce — oscommerce | osCommerce 2.3.4.1 has an XSS vulnerability via an authenticated user entering the XSS payload into the title section of newsletters. | 2020-11-25 | 3.5 | CVE-2020-29070 MISC MISC MISC
tianocore — edk2 | Logic issue in EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2020-11-23 | 3.3 | CVE-2019-14587 MISC
tianocore — edk2 | Integer overflow in DxeImageVerificationHandler() in EDK II may allow an authenticated user to potentially enable denial of service via local access. | 2020-11-23 | 2.1 | CVE-2019-14562 MISC
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
---|---|---|---|---
apache — unomi | It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem. | 2020-11-24 | not yet calculated | CVE-2020-13942 CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST
atlassian — fisheye/crucible | Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. | 2020-11-25 | not yet calculated | CVE-2020-14191 MISC MISC
atlassian — fisheye/crucible | Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. | 2020-11-25 | not yet calculated | CVE-2020-14190 MISC MISC
b&r_industrial_automation — aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983. | 2020-11-27 | not yet calculated | CVE-2019-19873 MISC
b&r_industrial_automation — aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006. | 2020-11-27 | not yet calculated | CVE-2019-19876 MISC
b&r_industrial_automation — aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358. | 2020-11-27 | not yet calculated | CVE-2019-19878 MISC
b&r_industrial_automation — aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357. | 2020-11-27 | not yet calculated | CVE-2019-19877 MISC
b&r_industrial_automation — aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364. | 2020-11-27 | not yet calculated | CVE-2019-19875 MISC
b&r_industrial_automation — aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364. | 2020-11-27 | not yet calculated | CVE-2019-19874 MISC
b&r_industrial_automation — aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364. | 2020-11-27 | not yet calculated | CVE-2019-19872 MISC
b&r_industrial_automation — aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface. | 2020-11-27 | not yet calculated | CVE-2019-19869 MISC
barco — wepresent_wiph-1600w_devices | Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a “SEID” token that is appended to the end of URLs in GET requests. Thus the “SEID” would be exposed in web proxy logs and browser history. An attacker that is able to capture the “SEID” and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials. | 2020-11-24 | not yet calculated | CVE-2020-28333 MISC MISC
barco — wepresent_wiph-1600w_devices | Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell. | 2020-11-24 | not yet calculated | CVE-2020-28334 MISC MISC
barco — wepresent_wiph-1600w_devices | Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. | 2020-11-24 | not yet calculated | CVE-2020-28329 MISC
barco — wepresent_wiph-1600w_devices | Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device. | 2020-11-24 | not yet calculated | CVE-2020-28330 MISC
barco — wepresent_wiph-1600w_devices | Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots. | 2020-11-24 | not yet calculated | CVE-2020-28331 MISC MISC
barco — wepresent_wiph-1600w_devices | Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images. | 2020-11-24 | not yet calculated | CVE-2020-28332 MISC MISC
blosc — c-blosc2 | blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data. | 2020-11-27 | not yet calculated | CVE-2020-29367 MISC MISC
broadcom — ca_unified_infrastructure_management | CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. | 2020-11-23 | not yet calculated | CVE-2020-28421 FULLDISC MISC
cephx — cephx | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. | 2020-11-23 | not yet calculated | CVE-2020-25660 MISC MISC MISC
cloudera — data_engineering | Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack. | 2020-11-26 | not yet calculated | CVE-2020-26936 MISC CONFIRM
coremail — coremail_xt | jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter. | 2020-11-27 | not yet calculated | CVE-2020-29133 MISC
cpanel — cpanel | cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). | 2020-11-27 | not yet calculated | CVE-2020-29137 MISC
cpanel — cpanel | In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). | 2020-11-27 | not yet calculated | CVE-2020-29136 MISC
cpanel — cpanel | cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). | 2020-11-27 | not yet calculated | CVE-2020-29135 MISC
crixp — opencrx | CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020. | 2020-11-24 | not yet calculated | CVE-2020-7378 MISC
cron-utils — cron-utils | Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template Injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Only projects using the @Cron annotation to validate untrusted Cron expressions are affected. This issue was patched in version 9.1.3. | 2020-11-25 | not yet calculated | CVE-2020-26238 MISC MISC CONFIRM
cyberark — endpoint_privilege_manager | CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. | 2020-11-27 | not yet calculated | CVE-2020-25738 MISC MISC
eclipse — jetty | In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request. | 2020-11-28 | not yet calculated | CVE-2020-27218 CONFIRM CONFIRM
ericsson — bscs_ix_r18_billing&rating_ix | In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web-based module in BSCS iX that is vulnerable to stored XSS via the name or description field of a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins’ browsers by using the BeEF framework. | 2020-11-27 | not yet calculated | CVE-2020-29145 MISC
ericsson — bscs_ix_r18_billing&rating_ix | In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web-based module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins’ browsers by using the BeEF framework. | 2020-11-27 | not yet calculated | CVE-2020-29144 MISC
fastgate — gpon_fga2130fwb_devices | Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker’s ability to perform administrative actions such as modifying the configuration. | 2020-11-24 | not yet calculated | CVE-2020-13620 MISC MISC
fedora — pacemaker | An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. | 2020-11-24 | not yet calculated | CVE-2020-25654 MISC MISC FEDORA FEDORA MISC
geth — geth | Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18. | 2020-11-25 | not yet calculated | CVE-2020-26242 MISC CONFIRM
geth — geth | Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24. | 2020-11-25 | not yet calculated | CVE-2020-26240 MISC MISC MISC CONFIRM
geth — geth | Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth’s pre-compiled dataCopy (at 0x00…04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17. | 2020-11-25 | not yet calculated | CVE-2020-26241 MISC CONFIRM
gitea — gitea | Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go. | 2020-11-24 | not yet calculated | CVE-2020-28991 MISC MISC
glpi — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. Steps to reproduce the behavior: 1. Create a new planning with ‘eduardo.mozart’ user (from ‘IT’ group that belongs to ‘Super-admin’) into it’s personal planning at ‘Assistance’ > ‘Planning’. 2. Copy the CalDAV url and use a CalDAV client (e.g. Thunderbird) to sync the planning with the provided URL. 3. Inform the username and password from any valid user (e.g. ‘camila’ from ‘Proativa’ group). 4. ‘Camila’ has read-only access to ‘eduardo.mozart’ personal planning. The same behavior happens to any group. E.g. ‘Camila’ has access to ‘IT’ group planning, even if she doesn’t belong to this group and has a ‘Self-service’ profile permission). This issue is fixed in version 9.5.3. As a workaround, one can remove the `caldav.php` file to block access to CalDAV server. | 2020-11-25 | not yet calculated | CVE-2020-26212 MISC MISC CONFIRM
gluster-block — gluster-block | An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality. | 2020-11-24 | not yet calculated | CVE-2020-10762 MISC MISC
hashicorp — consul_and_consul_enterprise | HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6. | 2020-11-23 | not yet calculated | CVE-2020-28053 MISC MISC
hasicorp — nomad_and_nomad_enterprise |
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8. | 2020-11-24 | not yet calculated |
CVE-2020-28348 MISC MISC |
hcl — domino |
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. | 2020-11-21 | not yet calculated |
CVE-2020-14230 CONFIRM |
hcl — domino |
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. | 2020-11-21 | not yet calculated |
CVE-2020-14234 CONFIRM |
hcl — notes |
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected. | 2020-11-21 | not yet calculated |
CVE-2020-14258 CONFIRM |
heketi — hecketi_server |
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords. | 2020-11-24 | not yet calculated |
CVE-2020-10763 MISC MISC |
highlight.js — highlight.js |
Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object’s prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable. The pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector. If your website or application does not render user provided data it should be unaffected. Versions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release. | 2020-11-24 | not yet calculated |
CVE-2020-26237 MISC MISC CONFIRM MISC |
ibm — power9 | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | 2020-11-20 | not yet calculated | CVE-2020-4788 MLIST MLIST XF FEDORA FEDORA CONFIRM |
intel — bluez | Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2020-11-23 | not yet calculated | CVE-2020-12351 MISC |
intel — bluez | Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | 2020-11-23 | not yet calculated | CVE-2020-12352 MISC |
intel — proset/wireless_wifi_products | Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. | 2020-11-23 | not yet calculated | CVE-2020-0569 MISC |
intelbras — multiple_devices | Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. | 2020-11-27 | not yet calculated | CVE-2020-12262 MISC MISC |
intelbras — tip_devices | Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal. | 2020-11-26 | not yet calculated | CVE-2020-13886 MISC MISC |
jupyter — jupyter_server | Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected; however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet. | 2020-11-24 | not yet calculated | CVE-2020-26232 CONFIRM MISC MISC |
karenderia — multiple_restaurant_system | A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database. | 2020-11-24 | not yet calculated | CVE-2020-28994 MISC |
laravel — php_framework | October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. The issue has been patched in Build 469 (v1.0.469) and v1.1.0. | 2020-11-23 | not yet calculated | CVE-2020-15247 MISC CONFIRM |
laravel — php_framework | October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since SVG files support being parsed as HTML by browsers, this means that they could theoretically upload JavaScript that would be executed on a path under the website’s domain (i.e. /storage/app/media/evil.svg), but they would have to convince their target to visit that location directly in the target’s browser, as the backend does not display SVGs inline anywhere; SVGs are only displayed as image resources in the backend and are thus unable to be executed. The issue has been patched in Build 469 (v1.0.469) & v1.1.0. | 2020-11-23 | not yet calculated | CVE-2020-15249 MISC CONFIRM |
laravel — php_framework | October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. The issue has been patched in Build 470 (v1.0.470) and v1.1.1. | 2020-11-23 | not yet calculated | CVE-2020-26231 MISC CONFIRM |
laravel — php_framework | October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default “Publisher” system role have access to create & manage users, where they can choose which role the new user has. This means that a user with “Publisher” access has the ability to escalate their access to “Developer” access. The issue has been patched in Build 470 (v1.0.470) & v1.1.1. | 2020-11-23 | not yet calculated | CVE-2020-15248 MISC CONFIRM |
laravel — php_framework | October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. The issue has been patched in Build 469 (v1.0.469) and v1.1.0. | 2020-11-23 | not yet calculated | CVE-2020-15246 MISC CONFIRM |
libslirp — ncsi.c | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | 2020-11-26 | not yet calculated | CVE-2020-29130 MLIST MISC |
libslirp — ncsi.c | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | 2020-11-26 | not yet calculated | CVE-2020-29129 MLIST MISC |
libvncserver — libvncserver | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. | 2020-11-27 | not yet calculated | CVE-2020-25708 MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. | 2020-11-28 | not yet calculated | CVE-2020-29374 MISC MISC MISC |
linux — linux_kernel | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer, which is uninitialized. | 2020-11-23 | not yet calculated | CVE-2020-15437 MISC |
linux — linux_kernel | Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | 2020-11-23 | not yet calculated | CVE-2020-15436 MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. | 2020-11-28 | not yet calculated | CVE-2019-20934 MISC MISC MISC |
linux — linux_kernel | A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. | 2020-11-20 | not yet calculated | CVE-2020-28974 MLIST MISC MISC MISC |
linux — linux_kernel | An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. | 2020-11-28 | not yet calculated | CVE-2020-29373 MISC MISC MISC |
linux — linux_kernel | An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. | 2020-11-28 | not yet calculated | CVE-2020-29372 MISC MISC MISC |
linux — linux_kernel | An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. | 2020-11-28 | not yet calculated | CVE-2020-29371 MISC MISC MISC MISC |
linux — linux_kernel | An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. | 2020-11-28 | not yet calculated | CVE-2020-29370 MISC MISC MISC |
linux — linux_kernel | An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. | 2020-11-28 | not yet calculated | CVE-2020-29369 MISC MISC MISC |
linux — linux_kernel | An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. | 2020-11-28 | not yet calculated | CVE-2020-29368 MISC MISC MISC |
liquidfiles — liquidfiles | A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js. | 2020-11-25 | not yet calculated | CVE-2020-29072 MISC MISC |
liquidfiles — liquidfiles | An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user. | 2020-11-25 | not yet calculated | CVE-2020-29071 MISC MISC |
magicpin — magicpin | There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload. | 2020-11-23 | not yet calculated | CVE-2020-28927 MISC MISC |
microstrategy — microstrategy | A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: for 10.4, no fix will be released, as the version will reach end-of-life on 31/12/2020. | 2020-11-24 | not yet calculated | CVE-2020-24815 MISC MISC MISC |
misp — misp | MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php. | 2020-11-24 | not yet calculated | CVE-2020-29006 MISC MISC |
modern_honey_network — modern_honey_network | _get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation database, because the code tries to uppercase a return value even if that value is not a string. | 2020-11-25 | not yet calculated | CVE-2020-29069 MISC |
mongodb — mongodb_server | Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9. | 2020-11-23 | not yet calculated | CVE-2020-7925 CONFIRM |
mongodb — mongodb_server | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10; v3.4 versions prior to 3.4.19. | 2020-11-23 | not yet calculated | CVE-2018-20803 MISC |
mongodb — mongodb_server | An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24. | 2020-11-24 | not yet calculated | CVE-2019-20925 CONFIRM |
mongodb — mongodb_server | A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20. | 2020-11-23 | not yet calculated | CVE-2020-7928 MISC |
mongodb — ops_manager | Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2. | 2020-11-23 | not yet calculated | CVE-2020-7927 CONFIRM |
musl_libc — musl_libc | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). | 2020-11-24 | not yet calculated | CVE-2020-28928 CONFIRM MISC |
mutt — mutt_and_neomutt | Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server’s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle. | 2020-11-23 | not yet calculated | CVE-2020-28896 MISC MISC MISC MISC |
nanopb — nanopb | Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding a specifically formed message can leak memory if dynamic allocation is enabled and a oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option `no_unions` for the oneof field. This will generate the fields as separate fields instead of a C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside the oneof to `FT_POINTER`. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards. | 2020-11-25 | not yet calculated | CVE-2020-26243 MISC MISC MISC CONFIRM |
netgear — gs108ev3 | Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators, and the product’s settings may be changed without the user’s intention or consent via unspecified vectors. | 2020-11-24 | not yet calculated | CVE-2020-5641 MISC MISC |
openwall — spice-vdagentd | A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. | 2020-11-26 | not yet calculated | CVE-2020-25653 MISC MISC |
openwall — spice-vdagentd | A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. | 2020-11-26 | not yet calculated | CVE-2020-25651 MISC MISC |
openwall — spice-vdagentd | A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior. | 2020-11-26 | not yet calculated | CVE-2020-25652 MISC MISC |
openwall — spice-vdagentd | A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions. | 2020-11-25 | not yet calculated | CVE-2020-25650 MISC MISC |
ortus — testbox | In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application’s context) containing attacker-defined CFML tags, leading to Remote Code Execution. | 2020-11-24 | not yet calculated | CVE-2020-15929 MISC |
ortus — testbox | In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal. | 2020-11-24 | not yet calculated | CVE-2020-15928 MISC |
otrs — otrs | When OTRS uses multiple backends for user authentication (with LDAP), agents are able to log in even if the account is set to invalid. This issue affects OTRS 8.0.9 and prior versions. | 2020-11-23 | not yet calculated | CVE-2020-1778 CONFIRM |
paradox — ip150 | The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). | 2020-11-21 | not yet calculated | CVE-2020-25189 MISC |
paradox — ip150 | The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). | 2020-11-21 | not yet calculated | CVE-2020-25185 MISC |
petl — petl | petl before 1.68, in some configurations, allows resolution of entities in an XML document. | 2020-11-26 | not yet calculated | CVE-2020-29128 MISC MISC MISC MISC MISC |
playground — playground_sessions | Playground Sessions v2.5.582 (and earlier) for Windows stores the user credentials in plain text, allowing anyone with access to UserProfiles.sol to extract the email and password. | 2020-11-23 | not yet calculated | CVE-2020-24227 MISC |
postgresql — postgresql | A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-11-23 | not yet calculated | CVE-2020-25696 MISC MISC |
real_time_automation — 499es_ethernet/ip_adaptor_source_code |
499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution. | 2020-11-24 | not yet calculated |
CVE-2020-25159 MISC |
red_hat — red_hat_enterprise_linux_7 |
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound. | 2020-11-27 | not yet calculated |
CVE-2020-10772 MISC |
regex — regex |
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote attackers to request server-side resources or potentially execute arbitrary code through various SSRF techniques. | 2020-11-23 | not yet calculated |
CVE-2020-28360 MISC MISC |
rhacm — rhacm | A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible. | 2020-11-23 | not yet calculated |
CVE-2020-25688 MISC |
rockwell_automation — factorytalk_linx |
A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device. | 2020-11-26 | not yet calculated |
CVE-2020-27253 MISC |
rockwell_automation — factorytalk_linx |
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution. | 2020-11-26 | not yet calculated |
CVE-2020-27251 MISC |
rockwell_automation — factorytalk_linx |
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR). | 2020-11-26 | not yet calculated |
CVE-2020-27255 MISC |
rust — time_crate |
In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23. | 2020-11-24 | not yet calculated |
CVE-2020-26235 MISC MISC CONFIRM |
sagecom — f@st3486_net_docsis |
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running. | 2020-11-27 | not yet calculated |
CVE-2020-29138 MISC |
schedmd — slurm |
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | 2020-11-27 | not yet calculated |
CVE-2020-27745 MISC |
schedmd — slurm |
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. | 2020-11-27 | not yet calculated |
CVE-2020-27746 MISC |
scratch — addons |
Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links addon of the Scratch Addons extension used incorrect regular expression which caused the HTML-escaped values to be unescaped, leading to XSS. Scratch Addons version 1.3.2 fixes the bug. The extension will be automatically updated by the browser. More Links addon can be disabled via the option of the extension. | 2020-11-23 | not yet calculated |
CVE-2020-26239 MISC MISC MISC CONFIRM |
security_onion — security_onion |
Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows local users to obtain root access by editing and executing /home/<user>/SecurityOnion/setup/so-setup. | 2020-11-23 | not yet calculated |
CVE-2020-27985 MISC MISC MISC |
seiko — epson |
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2020-11-24 | not yet calculated |
CVE-2020-5674 MISC MISC MISC |
simplephpscripts — news_script_php_pro |
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly flag on session cookies. | 2020-11-24 | not yet calculated |
CVE-2020-25473 MISC MISC MISC |
snyk — com.softwaremill.akka-http-session:core |
This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. | 2020-11-27 | not yet calculated |
CVE-2020-7780 MISC MISC MISC MISC MISC MISC |
snyk — djvalidator |
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails, for example: --@------------------------------------------------------------------------------!. | 2020-11-26 | not yet calculated |
CVE-2020-7779 MISC |
snyk — jsen |
This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention of the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is built based on the schema definition is then passed to a Function.apply(), leading to an Arbitrary Code Execution. | 2020-11-23 | not yet calculated |
CVE-2020-7777 MISC MISC |
snyk — systeminformation |
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. | 2020-11-26 | not yet calculated |
CVE-2020-7778 MISC MISC MISC MISC MISC |
sourceforge — seedms |
Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php. | 2020-11-24 | not yet calculated |
CVE-2020-28726 CONFIRM |
spip — spip |
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. | 2020-11-23 | not yet calculated |
CVE-2020-28984 MISC MISC DEBIAN |
synapse — matrix |
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room’s state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender. | 2020-11-24 | not yet calculated |
CVE-2020-26890 MISC |
systeminformation — systeminformation |
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of the shell sanitization to avoid prototype pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite(). | 2020-11-27 | not yet calculated |
CVE-2020-26245 MISC CONFIRM |
tableau — tableau_server |
Tableau Server installations configured with Site-Specific SAML allow the Site-Specific SAML APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings, which could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2. | 2020-11-23 | not yet calculated |
CVE-2020-6939 CONFIRM |
totolink — multiple_products |
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface. | 2020-11-24 | not yet calculated |
CVE-2015-9550 MISC |
totolink — multiple_products |
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter. | 2020-11-24 | not yet calculated |
CVE-2015-9551 MISC |
typo3 — typo3 |
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0 and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. The vulnerability is plausible but theoretical: it was not possible to reproduce it with the current PHP versions of supported and maintained system distributions. With libxml2 version 2.9 at least, processing of XML external entities is disabled by default and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described. | 2020-11-23 | not yet calculated |
CVE-2020-26229 CONFIRM MISC |
typo3 — typo3 |
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10, user session identifiers were stored in cleartext, without additional cryptographic hashing. This vulnerability cannot be exploited directly and occurs only in combination with a chained attack, for instance SQL injection in another component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10, which fix the problem described. | 2020-11-23 | not yet calculated |
CVE-2020-26228 CONFIRM MISC |
typo3 — typo3 |
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10, the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting when user-controlled data is passed as an argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10, which fix the problem described. | 2020-11-23 | not yet calculated |
CVE-2020-26227 CONFIRM MISC |
tp-link — archer_c9_firmware |
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | 2020-11-21 | not yet calculated |
CVE-2020-5797 MISC |
vmware — multiple_products |
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability. | 2020-11-23 | not yet calculated |
CVE-2020-4006 MISC |
vmware — sd-wan_orchestrator |
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows a user to set arbitrary authorization levels, leading to privilege escalation. An authenticated SD-WAN Orchestrator user may exploit this application weakness by calling a vulnerable API to elevate their privileges. | 2020-11-24 | not yet calculated |
CVE-2020-3985 MISC |
vmware — sd-wan_orchestrator |
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation, which allows SQL injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries, which may lead to unauthorized data access. | 2020-11-24 | not yet calculated |
CVE-2020-3984 MISC |
vmware — sd-wan_orchestrator |
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system. | 2020-11-24 | not yet calculated |
CVE-2020-4003 MISC |
vmware — sd-wan_orchestrator |
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x have default passwords allowing for a Pass-the-Hash attack. SD-WAN Orchestrator ships with default passwords for predefined accounts, which may lead to a Pass-the-Hash attack. | 2020-11-24 | not yet calculated |
CVE-2020-4001 MISC |
vmware — sd-wan_orchestrator |
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows files to be executed through directory traversal. An authenticated SD-WAN Orchestrator user is able to traverse directories, which may lead to execution of files. | 2020-11-24 | not yet calculated |
CVE-2020-4000 MISC |
vmware — sd-wan_orchestrator |
VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure. | 2020-11-24 | not yet calculated |
CVE-2020-4002 MISC |
wikimedia — colognebluetemplate.php |
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator. | 2020-11-24 | not yet calculated |
CVE-2020-29002 MISC MISC |
wikimedia — pollny_extension |
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll. | 2020-11-24 | not yet calculated |
CVE-2020-29003 MISC |
wildfly — wildfly |
A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plaintext JMS password at warning level on connection error, inserting sensitive information into the log file. | 2020-11-24 | not yet calculated |
CVE-2020-25640 MISC MISC |
winscp — winscp |
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. | 2020-11-23 | not yet calculated |
CVE-2020-28864 MISC MISC |
x11vnc — x11vnc |
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. | 2020-11-25 | not yet calculated |
CVE-2020-29074 MISC DEBIAN |
xen — xen |
An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671. | 2020-11-24 | not yet calculated |
CVE-2020-29040 MISC |
xpdf — xpdf |
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) at SplashOutputDev.cc:3079 uses the freed `t3GlyphStack->cache`, causing a heap-use-after-free. The code of a previous fix for nested Type 3 characters did not correctly handle the case where a Type 3 char referred to another char in the same Type 3 font. | 2020-11-21 | not yet calculated |
CVE-2020-25725 CONFIRM MISC |
zetetic — sqlcipher |
Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read. | 2020-11-26 | not yet calculated |
CVE-2020-27207 CONFIRM MISC MISC |
zyxel — zyxel |
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series gateways running firmware version V4.30 through V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted HTTP request. | 2020-11-27 | not yet calculated |
CVE-2020-25014 MISC CONFIRM |