Security Bulletin 25 Mar 2020

Published on 25 Mar 2020

Updated on 25 Mar 2020

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabulated by severity, in accordance with their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number | Description | Base Score | Reference
CVE-2020-1953 | Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application. | 10 | https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E
CVE-2020-9423 | LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the execution of malicious commands with root privileges. | 9.8 | https://www.coresecurity.com/advisories/logicaldoc-virtual-appliance-multiple-vulnerabilities
CVE-2020-9352 | An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. | 9.8 | https://blog.certimetergroup.com/it/articolo/security/smartclient-v12-xml-external-entity--cve-2020-9352
CVE-2020-9347 | ** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products. | 9.8 | https://www.infigo.hr/upload/web_struktura/Zoho_ManageEngine_Password_Manager_Pro_10.x_CSV_Excel_Macro_Injection.txt
CVE-2020-8786 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | 9.8 | https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23
CVE-2020-8785 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | 9.8 | https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23
CVE-2020-8784 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | 9.8 | https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23
CVE-2020-8783 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | 9.8 | https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23
CVE-2020-8600 | Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. | 9.8 | https://success.trendmicro.com/jp/solution/000244836
CVE-2020-8599 | Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability. | 9.8 | https://success.trendmicro.com/jp/solution/000244253
CVE-2020-8598 | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | 9.8 | https://success.trendmicro.com/jp/solution/000244253
CVE-2020-8518 | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | 9.8 | http://packetstormsecurity.com/files/156872/Horde-5.2.22-CSV-Import-Code-Execution.html
CVE-2020-8113 | GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. | 9.8 | https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-7604 | pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command. | 9.8 | https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122
CVE-2020-6990 | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior. The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use them for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. | 9.8 | https://www.us-cert.gov/ics/advisories/icsa-20-070-06
CVE-2020-6581 | Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection. | 9.8 | https://herolab.usd.de/security-advisories/
CVE-2020-5847 | Unraid through 6.8.0 allows Remote Code Execution. | 9.8 | https://forums.unraid.net/forum/7-announcements/
CVE-2020-5547 | Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 9.8 | https://jvn.jp/en/vu/JVNVU92370624/index.html
CVE-2020-5545 | TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet. | 9.8 | https://jvn.jp/en/vu/JVNVU92370624/index.html
CVE-2020-5544 | Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 9.8 | https://jvn.jp/en/vu/JVNVU92370624/index.html
CVE-2020-5543 | TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 9.8 | https://jvn.jp/en/vu/JVNVU92370624/index.html
CVE-2020-5542 | Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 9.8 | https://jvn.jp/en/vu/JVNVU92370624/index.html
CVE-2020-5253 | NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. | 9.8 | https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8
CVE-2020-3922 | LisoMail, by ArmorX, allows SQL Injections; attackers can access the database without authentication via a URL parameter manipulation. | 9.8 | https://gist.github.com/tonykuo76/50350af9b77eb51f5ab55964a35f47f2
CVE-2020-10674 | PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open. | 9.8 | https://metacpan.org/source/JKAMPHAUS/PerlSpeak-2.01/Changes
CVE-2020-10574 | An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation. | 9.8 | https://github.com/meetecho/janus-gateway/pull/1989
CVE-2020-10571 | An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data. | 9.8 | https://github.com/psd-tools/psd-tools/pull/198
CVE-2020-10567 | An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.) | 9.8 | https://github.com/trippo/ResponsiveFilemanager/issues/600
CVE-2020-10564 | An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call. | 9.8 | https://github.com/beerpwn/CVE/tree/master/WP-File-Upload_disclosure_report/
CVE-2020-10563 | An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. | 9.8 | https://cvecps.mitre.org/cps/workitems/create/?cveId=CVE-2020-10563
CVE-2020-10541 | Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108. | 9.8 | https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125108
CVE-2020-10534 | In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled. | 9.8 | https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b
CVE-2020-10380 | RMySQL through 0.10.19 allows SQL Injection. | 9.8 | https://github.com/r-dbi/RMySQL/blob/master/NEWS.md
CVE-2020-10243 | An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. | 9.8 | https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters
CVE-2020-10230 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter. | 9.8 | https://centos-webpanel.com/changelog-cwp7
CVE-2020-10121 | cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). | 9.8 | https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10119 | cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). | 9.8 | https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10077 | GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. | 9.8 | https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10074 | GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. | 9.8 | https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-9543 | OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks. | 9.4 | http://www.openwall.com/lists/oss-security/2020/03/12/1
CVE-2020-1887 | Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. | 9.1 | https://github.com/osquery/osquery/pull/6197
CVE-2020-10594 | An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, which is unmaintained. | 9.1 | https://github.com/jpadilla/django-rest-framework-jwt/issues/484
CVE-2020-10118 | cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). | 9.1 | https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10117 | cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). | 9.1 | https://documentation.cpanel.net/display/CL/84+Change+Log

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2020-9471Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.8.8https://gitlab.com/eLeN3Re/cve-2020-9471
CVE-2020-9346Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.8.8https://www.infigo.hr/upload/web_struktura/Zoho_ManageEngine_Password_Manager_Pro_10.4_CSRF.txt
CVE-2020-8882This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the PSD files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9811.8.8https://www.foxitsoftware.com/support/security-bulletins.php
CVE-2020-8881This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774.8.8https://www.foxitsoftware.com/support/security-bulletins.php
CVE-2020-8880This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9773.8.8https://www.foxitsoftware.com/support/security-bulletins.php
CVE-2020-8878This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625.8.8https://www.foxitsoftware.com/support/security-bulletins.php
CVE-2020-8468Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.8.8https://success.trendmicro.com/jp/solution/000244253
CVE-2020-8467A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.8.8https://success.trendmicro.com/jp/solution/000244253
CVE-2020-6585Nagios Log Server 2.1.3 has CSRF.8.8https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT
CVE-2020-5546Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet.8.8https://jvn.jp/en/vu/JVNVU92370624/index.html
CVE-2020-3947VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.8.8https://www.vmware.com/security/advisories/VMSA-2020-0004.html
CVE-2020-10678In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.8.8https://github.com/OctopusDeploy/Issues/issues/6258
CVE-2020-10673FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).8.8https://github.com/FasterXML/jackson-databind/issues/2660
CVE-2020-10672FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).8.8https://github.com/FasterXML/jackson-databind/issues/2659
CVE-2020-10671The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version.8.8http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html
CVE-2020-10568The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.8.8https://medium.com/@arall/sitepress-multilingual-cms-wplugin-wpml-4-3-7-b-2-9c9486c13577
CVE-2020-10557An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.8.8https://github.com/cinzinga/CVEs/tree/master/CVE-2020-10557
CVE-2020-10540Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules.8.8https://help.untis.at/hc/de/articles/360008456699-WebUntis-Release-Notes
CVE-2020-10531An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.8.8https://access.redhat.com/errata/RHSA-2020:0738
CVE-2020-10241An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.8.8https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions
CVE-2020-10239An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.8.8https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field
CVE-2020-0869A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0809.8.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0869
CVE-2020-5240In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other users device they can disable the target users 2FA devices and potentially compromise the account if they figure out their password. The problem has been patched in version 1.4.1.8.5https://github.com/labd/wagtail-2fa/commit/ac23550d33b7436e90e3beea904647907eba5b74
CVE-2020-7006Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution.8.4https://www.us-cert.gov/ics/advisories/icsa-20-079-01
CVE-2020-7982An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).8.1https://github.com/openwrt/openwrt/commits/master
CVE-2020-5257In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0.8.1https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3
CVE-2020-5254In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.8.1https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9
CVE-2020-2604Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).8.1http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
CVE-2020-1864Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands.Affected product versions include:Secospace AntiDDoS8000 versions V500R001C00,V500R001C20,V500R001C60,V500R005C00.8.1https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-authentication-en
CVE-2020-10804In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).8https://www.phpmyadmin.net/security/PMASA-2020-2/
CVE-2020-10802In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.8https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html
CVE-2020-8469Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation.7.8https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124168.aspx
CVE-2020-7002Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file.7.8https://www.us-cert.gov/ics/advisories/icsa-20-077-01
CVE-2020-6404Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.7.8http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
CVE-2020-3948Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.7.8https://www.vmware.com/security/advisories/VMSA-2020-0004.html
CVE-2020-3266A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.7.8https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwclici-cvrQpH9v
CVE-2020-3265A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges.7.8https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwpresc-ySJGvE9
CVE-2020-1738A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.7.8https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
CVE-2020-10587antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration.7.8https://gist.github.com/bash-c/d2055b5047e56a0b49c95b461347c619#file-antix-exp-sh
CVE-2020-10566grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow.7.8https://svnweb.freebsd.org/ports?view=revision&revision=525916
CVE-2020-10565grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS.7.8https://svnweb.freebsd.org/ports?view=revision&revision=525916
CVE-2020-0887An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0877.7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0887
CVE-2020-0877An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0887.7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0877
CVE-2020-0868An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0867.7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0868
CVE-2020-0867An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0868.7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0867
CVE-2020-0840An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0841, CVE-2020-0849, CVE-2020-0896.7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0840
CVE-2020-0834An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0834
CVE-2020-0783An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0781.7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0783
CVE-2020-0781An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0783.7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0781
CVE-2020-0780An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'.7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0780
CVE-2020-0778An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845.7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0778
CVE-2020-0565Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access.7.8https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-0546Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.7.8https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00326.html
CVE-2020-0530Improper buffer restrictions in firmware for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html7.8https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html
CVE-2020-0520Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.7.8https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-0519Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.7.8https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-0515Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access.7.8https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-0514Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access.7.8https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-0508Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.7.8https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-0504Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.7.8https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-9431In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.7.5http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
CVE-2020-9430In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.7.5http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
CVE-2020-9429In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.7.5http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
CVE-2020-9428In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.7.5http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
CVE-2020-9325Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download.7.5https://www.aquaforest.com/en/release_history.asp
CVE-2020-9324Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.7.5https://www.aquaforest.com/en/release_history.asp
CVE-2020-9321configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.7.5https://github.com/containous/traefik/pull/6281
CVE-2020-8787SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.7.5https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23
CVE-2020-8571StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS).7.5https://security.netapp.com/advisory/ntap-20200313-0005/
CVE-2020-8470Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.7.5https://success.trendmicro.com/jp/solution/000244253
CVE-2020-7919Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.7.5https://groups.google.com/forum/#!forum/golang-announce
CVE-2020-7608yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.7.5https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
CVE-2020-7248libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.7.5https://github.com/openwrt/openwrt/commits/master
CVE-2020-7044In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.7.5http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
CVE-2020-6988Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior. A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.7.5https://www.us-cert.gov/ics/advisories/icsa-20-070-06
CVE-2020-6984Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior. The cryptographic function utilized to protect the password in MicroLogix is discoverable.7.5https://www.us-cert.gov/ics/advisories/icsa-20-070-06
CVE-2020-6582Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.7.5https://herolab.usd.de/security-advisories/
CVE-2020-5849Unraid 6.8.0 allows authentication bypass.7.5https://forums.unraid.net/forum/7-announcements/
CVE-2020-3123A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.7.5https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html
CVE-2020-1863Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products.7.5https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-buffer-en
CVE-2020-10812An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service.7.5https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
CVE-2020-10675The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.7.5https://github.com/buger/jsonparser/issues/188
CVE-2020-10593Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.7.5https://trac.torproject.org/projects/tor/ticket/33619
CVE-2020-10592Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.7.5https://trac.torproject.org/projects/tor/ticket/33120
CVE-2020-10591An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey.7.5https://github.com/walmartlabs/concord/compare/1.43.0...1.44.0
CVE-2020-10573An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge.7.5https://github.com/meetecho/janus-gateway/pull/1988
CVE-2020-10532The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI.7.5https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-001/-credential-disclosure-in-watchguard-fireware-ad-helper-component
CVE-2020-10238An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.7.5https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates
CVE-2020-10111** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization.7.5http://packetstormsecurity.com/files/156661/Citrix-Gateway-11.1-12.0-12.1-Cache-Bypass.html
CVE-2020-0847A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.7.5https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0847
CVE-2020-0833A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848.7.5https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0833
CVE-2020-0832A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848.7.5https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0832
CVE-2020-0830A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.7.5https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0830
CVE-2020-5844index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.7.2https://github.com/TheCyberGeek/CVE-2020-5844
CVE-2020-10562An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads.7.2https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8
CVE-2020-10120cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).7.2https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10115cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537).7.2https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-3264A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.7.1https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanbo-QKcABnS2
CVE-2020-0785An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.7.1https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0785
CVE-2020-1705A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.7https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1705
CVE-2020-10174init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.7http://www.openwall.com/lists/oss-security/2020/03/06/3
CVE-2020-2601Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).6.8http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
CVE-2020-0526Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html6.7https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html
CVE-2020-9472Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.6.5https://gitlab.com/eLeN3Re/cve-2020-9472
CVE-2020-7916be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data.6.5https://wordpress.org/plugins/learnpress/#developers
CVE-2020-6584Nagios Log Server 2.1.3 has Incorrect Access Control.6.5https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT
CVE-2020-10811An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.6.5https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
CVE-2020-10810An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service.6.5https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
CVE-2020-10809An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.6.5https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
CVE-2020-10122cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).6.5https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-4205IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961.6.3https://exchange.xforce.ibmcloud.com/vulnerabilities/174961
CVE-2020-10195The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info.6.3https://wpvulndb.com/vulnerabilities/10127
CVE-2020-9443Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.6.1https://blog.zulip.org/2020/02/29/zulip-desktop-4-0-3-security-release/
CVE-2020-9344Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.6.1https://kintosoft.atlassian.net/wiki/spaces/SVNALM/pages/753565697/Security+Bulletin
CVE-2020-10670The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version.6.1http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html
CVE-2020-10668The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.6.1http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html
CVE-2020-10667The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version.6.1http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html
CVE-2020-10544An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.6.1https://github.com/primefaces/primefaces/issues/5642
CVE-2020-10242An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.6.1https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3
CVE-2020-10196An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup's fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup's ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications.6.1https://wpvulndb.com/vulnerabilities/10127
CVE-2020-10114cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).6.1https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10113cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).6.1https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10075GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.6.1https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-0505Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local6.1https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-6175Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.5.9https://support.citrix.com/article/CTX263526
CVE-2020-0574Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all versions may allow an authenticated user to potentially enable escalation of privilege and information disclosure via physical access.5.9https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00349.html
CVE-2020-9064Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak.5.5https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-smartphone-en
CVE-2020-6976Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation.5.5https://www.us-cert.gov/ics/advisories/icsa-20-077-01
CVE-2020-5961NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service.5.5https://nvidia.custhelp.com/app/answers/detail/a_id/4996
CVE-2020-5960NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service.5.5https://nvidia.custhelp.com/app/answers/detail/a_id/4996
CVE-2020-5262In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--from-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master` + `develop` branches of the `easybuild-framework` repository.5.5https://github.com/easybuilders/easybuild-framework/pull/3248
CVE-2020-1951A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.5.5https://lists.apache.org/thread.html/rd8c1b42bd0e31870d804890b3f00b13d837c528f7ebaf77031323172%40%3Cdev.tika.apache.org%3E
CVE-2020-1950A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.5.5https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E
CVE-2020-1753A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.5.5https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
CVE-2020-0567Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access.5.5https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-0516Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access.5.5http://packetstormsecurity.com/files/156761/ShaderCache-Arbitrary-File-Creation-Privilege-Escalation.html
CVE-2020-0511Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access.5.5https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-0503Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access.5.5https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-0501Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable a denial of service via local access.5.5https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-6646An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message.5.4https://fortiguard.com/advisory/FG-IR-20-001
CVE-2020-6586Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.5.4https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT
CVE-2020-10803In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.5.4https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html
CVE-2020-10596OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.5.4https://github.com/opencart/opencart/issues/7810
CVE-2020-10112** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default.5.4http://packetstormsecurity.com/files/156660/Citrix-Gateway-11.1-12.0-12.1-Cache-Poisoning.html
CVE-2020-9519HTTP methods revealed in Web services vulnerability in Micro Focus Service Manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.5.3https://softwaresupport.softwaregrp.com/doc/KM03607789
CVE-2020-9518Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.5.3https://softwaresupport.softwaregrp.com/doc/KM03607792
CVE-2020-9323Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx.5.3https://www.aquaforest.com/en/release_history.asp
CVE-2020-7600querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.5.3https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef
CVE-2020-10240An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.5.3https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users
CVE-2020-10116cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).5.3https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10110** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive.5.3http://packetstormsecurity.com/files/156656/Citrix-Gateway-11.1-12.0-12.1-Information-Disclosure.html
CVE-2020-10079GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required.5.3https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-0517Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.5.3https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-0502Improper access control in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access.5.3https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-4203IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956.4.9https://exchange.xforce.ibmcloud.com/vulnerabilities/174956
CVE-2020-7258Cross site scripting vulnerability in McAfee Network Security Management (NSM) prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors.4.8https://kc.mcafee.com/corporate/index?page=content&id=SB10310
CVE-2020-7256Cross site scripting vulnerability in McAfee Network Security Management (NSM) prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors.4.8https://kc.mcafee.com/corporate/index?page=content&id=SB10310
CVE-2020-5267In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.4.8http://www.openwall.com/lists/oss-security/2020/03/19/1
CVE-2020-2593Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).4.8http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
CVE-2020-10821Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.4.8https://code610.blogspot.com/2020/03/nagios-5611-xssd.html
CVE-2020-10820Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.4.8https://code610.blogspot.com/2020/03/nagios-5611-xssd.html
CVE-2020-10819Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.4.8https://code610.blogspot.com/2020/03/nagios-5611-xssd.html
CVE-2020-1740A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.4.7https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
CVE-2020-1735A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.4.6https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
CVE-2020-1739A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior. When a password is set with the "password" argument of the svn module, it is used on the svn command line, disclosing it to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.4.4https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
CVE-2020-0507Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access.4.4https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-8883This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9880.4.3https://www.foxitsoftware.com/support/security-bulletins.php
CVE-2020-8879This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9626.4.3https://www.foxitsoftware.com/support/security-bulletins.php
CVE-2020-8877This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9624.4.3https://www.foxitsoftware.com/support/security-bulletins.php
CVE-2020-4199IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910.4.3https://exchange.xforce.ibmcloud.com/vulnerabilities/174910
CVE-2020-10575An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.4.2https://github.com/meetecho/janus-gateway/pull/1994
CVE-2020-2659Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).3.7http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html
CVE-2020-2654Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).3.7http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
CVE-2020-2590Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).3.7http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
CVE-2020-2583Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).3.7http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html
CVE-2020-6980Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior: if Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.3.3https://www.us-cert.gov/ics/advisories/icsa-20-070-06
CVE-2020-1736A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.3.3https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
CVE-2020-0506Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access.2.3https://security.netapp.com/advisory/ntap-20200320-0003/
CVE-2020-9760An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.https://github.com/weechat/weechat/commit/40ccacb4330a64802b1f1e28ed9a6b6d3ca9197f
CVE-2020-9759An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash.https://github.com/weechat/weechat/commit/9904cb6d2eb40f679d8ff6557c22d53a3e3dc75a
CVE-2020-9752Naver Cloud Explorer before 2.2.2.11 allows an attacker to move a local file to any path on the filesystem with system privileges through its named pipe.https://cve.naver.com/detail/cve-2020-9752
CVE-2020-9425An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response.https://blog.hivint.com/rconfig-3-9-3-unauthenticated-sensitive-information-disclosure-ead4ed88f153
CVE-2020-9392An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/
CVE-2020-9345An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited.https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-052.txt
CVE-2020-9343An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array.https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-053.txt
CVE-2020-9326BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash.https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-5-sr1
CVE-2020-8876This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10029.https://www.zerodayinitiative.com/advisories/ZDI-20-297/
CVE-2020-8875This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10028.https://www.zerodayinitiative.com/advisories/ZDI-20-296/
CVE-2020-8874This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10032.https://www.zerodayinitiative.com/advisories/ZDI-20-295/
CVE-2020-8873This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10031.https://www.zerodayinitiative.com/advisories/ZDI-20-294/
CVE-2020-8872This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.1-47117. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the hypervisor. Was ZDI-CAN-9428.https://www.zerodayinitiative.com/advisories/ZDI-20-293/
CVE-2020-8871This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-9403.https://www.zerodayinitiative.com/advisories/ZDI-20-292/
CVE-2020-8868This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553.https://support.quest.com/foglight/kb/315091/fms-5-9-5-hotfix-hfix-314
CVE-2020-8866This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.https://lists.horde.org/archives/announce/2020/001288.html
CVE-2020-8865This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469.https://www.zerodayinitiative.com/advisories/ZDI-20-276/
CVE-2020-8864This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471.https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157
CVE-2020-8863This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470.https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157
CVE-2020-8859This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115.https://elog.psi.ch/elogs/Forum/69114
CVE-2020-8838An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.https://www.manageengine.com/products/asset-explorer/sp-readme.html
CVE-2020-8511In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.https://k4m1ll0.com/cve-2020-8511.html
CVE-2020-8497In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.https://k4m1ll0.com/cve-2020-8497.html
CVE-2020-8140A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed loading of arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.https://hackerone.com/reports/633266
CVE-2020-8139A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.https://hackerone.com/reports/788257
CVE-2020-8138A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.https://hackerone.com/reports/736867
CVE-2020-8137Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.https://hackerone.com/reports/772448
CVE-2020-8136Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.https://hackerone.com/reports/804772
CVE-2020-8135The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems.https://hackerone.com/reports/786956
CVE-2020-8134Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.https://hackerone.com/reports/793704
CVE-2020-7961Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).https://portal.liferay.dev/learn/security/known-vulnerabilities
CVE-2020-7935Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access.https://k4m1ll0.com/cve-2020-7935.html
CVE-2020-7482A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server.https://www.se.com/ww/en/download/document/SEVD-2020-070-04/
CVE-2020-7481 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server. https://www.se.com/ww/en/download/document/SEVD-2020-070-04/
CVE-2020-7480 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. https://www.se.com/ww/en/download/document/SEVD-2020-070-04/
CVE-2020-7479 A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service. https://www.se.com/ww/en/download/document/SEVD-2020-070-01/
CVE-2020-7478 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled. https://www.se.com/ww/en/download/document/SEVD-2020-070-01/
CVE-2020-7477 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus. https://www.se.com/ww/en/download/document/SEVD-2020-070-02/
CVE-2020-7476 A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path. https://www.se.com/ww/en/download/document/SEVD-2020-070-03
CVE-2020-7475 A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. http://www.se.com/ww/en/download/document/SEVD-2020-080-01
CVE-2020-7474 A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL. https://www.se.com/ww/en/download/document/SEVD-2020-042-01/
CVE-2020-6967 In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCP/8082, which can insecurely deserialize untrusted data. https://www.us-cert.gov/ics/advisories/icsa-20-051-02
CVE-2020-6650 UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g. “eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed. https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-UPS-companion-software.pdf
CVE-2020-6449 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
CVE-2020-6429 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
CVE-2020-6428 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
CVE-2020-6427 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
CVE-2020-6426 Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
CVE-2020-6425 Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
CVE-2020-6424 Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
CVE-2020-6422 Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
CVE-2020-6420 Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page. https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop.html
CVE-2020-5722 The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. https://www.tenable.com/security/research/tra-2020-15
CVE-2020-5252 The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: You are running Safety in a Python environment that you don’t trust. You are running Safety from the same Python environment where you have your dependencies installed. Dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: Perform a static analysis by installing Docker and running the Safety Docker image: $ docker run --rm -it pyupio/safety check -r requirements.txt. Run Safety against a static dependencies list, such as the requirements.txt file, in a separate, clean Python environment. Run Safety from a Continuous Integration pipeline. Use PyUp.io, which runs Safety in a controlled environment and checks Python for dependencies without any need to install them. Use PyUp's Online Requirements Checker. https://github.com/akoumjian/python-safety-vuln
CVE-2020-1944 There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
CVE-2020-1879 There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions 1.0.1.21(SP3); HEGE-570 versions 1.0.1.22(SP3); OSCA-550 versions 1.0.1.21(SP3); OSCA-550A versions 1.0.1.21(SP3); OSCA-550AX versions 1.0.1.21(SP3); OSCA-550X versions 1.0.1.21(SP3). https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-integrity-en
CVE-2020-1878 Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3), versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-informationleak-en
CVE-2020-1862 There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include: CampusInsight versions V100R019C00; ManageOne versions 6.5.RC2.B050. https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-01-free-en
CVE-2020-1796 There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization to certain user; successful exploit could allow a low privilege user to do certain operation which the user is not supposed to do. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-05-smartphone-en
CVE-2020-1795 There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-04-smartphone-en
CVE-2020-1794 There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios; successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-02-smartphone-en
CVE-2020-1793 There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios; successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200318-02-smartphone-en
CVE-2020-1709 A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709
CVE-2020-1707 A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707
CVE-2020-1696 A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1696
CVE-2020-10879 rConfig before 3.9.5 allows injection because lib/crud/search.crud.php does not properly construct a find command. https://github.com/rconfig/rconfig/commit/3385f906427d228c48b914625136bf620f4ca0a9
CVE-2020-10875 Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. https://www.youtube.com/watch?v=Lv-STOyQCVY
CVE-2020-10874 Motorola FX9500 devices allow remote attackers to read database files. https://www.youtube.com/watch?v=Lv-STOyQCVY
CVE-2020-10871 ** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further. https://github.com/openwrt/luci/issues/3563#issuecomment-578522860
CVE-2020-10870 Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service. https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028
CVE-2020-10818 Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. https://code610.blogspot.com/2020/03/rce-in-artica-426.html
CVE-2020-10808 Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters. https://forum.vestacp.com/viewforum.php?f=25
CVE-2020-10807 auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header. https://github.com/mitre/caldera/compare/2.6.4...2.6.5
CVE-2020-10806 eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution. https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads
CVE-2020-10800 lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field. https://www.npmjs.com/advisories/1306
CVE-2020-10799 The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. https://github.com/deeplook/svglib/issues/229
CVE-2020-10793 CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. https://medium.com/@vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297
CVE-2020-10792 openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. https://github.com/it-novum/openITCOCKPIT/commit/719410b9ffff7d7b29dba7aad58faceb5eff789f
CVE-2020-10682 The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file). http://dev.cmsmadesimple.org/bug/view/12275
CVE-2020-10681 The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. http://dev.cmsmadesimple.org/bug/view/12274
CVE-2020-10669 The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version. http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html
CVE-2020-10665 Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. https://docs.docker.com/release-notes/
CVE-2020-10661 HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4. https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020
CVE-2020-10660 HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020
CVE-2020-10659 Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain. https://github.com/etherpacket/CVD-Applications/blob/master/EDC%20Security%20Bulletin%20E19-001a.pdf
CVE-2020-10648 Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. http://www.openwall.com/lists/oss-security/2020/03/18/5
CVE-2020-10597 The affected insulin pump is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. https://www.us-cert.gov/ics/advisories/icsma-20-079-01
CVE-2020-10558 The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen. https://safekeepsecurity.com/about/cve-2020-10558/
CVE-2020-10365 LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary queries to the database. https://www.coresecurity.com/advisories/logicaldoc-virtual-appliance-multiple-vulnerabilities
CVE-2020-10364 The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html
CVE-2020-10194 cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request. https://github.com/Zimbra/zm-mailbox/commit/1df440e0efa624d1772a05fb6d397d9beb4bda1e