Security Bulletin 6 May 2020

Published on 06 May 2020

Updated on 21 May 2020

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2020-12079 Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API. 10 https://nvd.nist.gov/vuln/detail/CVE-2020-12079
CVE-2020-9294 An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9294
CVE-2020-9068 Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9068
CVE-2020-8842 Unquoted search path vulnerability in MSI True Color before 3.0.52.0 allows privilege escalation to SYSTEM. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8842
CVE-2020-7640 pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7640
CVE-2020-7628 install-package through 1.1.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the device function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7628
CVE-2020-7609 node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7609
CVE-2020-7133 A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7133
CVE-2020-6826 Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 75. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6826
CVE-2020-6825 Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6825
CVE-2020-6823 A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6823
CVE-2020-6072 An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6072
CVE-2020-5868 In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-5868
CVE-2020-1964 It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1964
CVE-2020-1952 An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1952
CVE-2020-1944 There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1944
CVE-2020-12471 MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12471
CVE-2020-12442 Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12442
CVE-2020-12284 cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12284
CVE-2020-12279 An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12279
CVE-2020-12278 An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12278
CVE-2020-12274 In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12274
CVE-2020-12271 A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords) 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12271
CVE-2020-12268 jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12268
CVE-2020-12267 setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12267
CVE-2020-11945 An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11945
CVE-2020-11939 In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11939
CVE-2020-11878 The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11878
CVE-2020-11796 In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11796
CVE-2020-11690 In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11690
CVE-2020-10915 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10915
CVE-2020-10914 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10400. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10914
CVE-2020-10569 SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10569
CVE-2020-10511 HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10511
CVE-2020-10507 The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10507
CVE-2020-10505 The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10505
CVE-2020-5887 On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-5887

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2020-8775 Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. 8.9 https://nvd.nist.gov/vuln/detail/CVE-2020-8775
CVE-2020-8773 The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. 8.9 https://nvd.nist.gov/vuln/detail/CVE-2020-8773
CVE-2020-8774 Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8774
CVE-2020-8477 The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8477
CVE-2020-6822 On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6822
CVE-2020-5237 Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php. This is fixed in versions 1.9.3 and 2.1.5. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-5237
CVE-2020-4202 IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-4202
CVE-2020-12479 TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12479
CVE-2020-12076 The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12076
CVE-2020-12075 The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12075
CVE-2020-11741 An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11741
CVE-2020-11677 Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11677
CVE-2020-11676 Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11676
CVE-2020-11675 Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11675
CVE-2020-11674 Cerner medico 26.00 allows variable reuse, possibly causing data corruption. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11674
CVE-2020-10892 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the CombineFiles command, which allows an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9830. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10892
CVE-2020-10890 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the ConvertToPDF command, which allows an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9829. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10890
CVE-2020-10514 iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10514
CVE-2020-10512 HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10512
CVE-2020-5863 In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-5863
CVE-2020-2894 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 8.2 https://nvd.nist.gov/vuln/detail/CVE-2020-2894
CVE-2020-12118 The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2020-12118
CVE-2020-10712 A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2020-10712
CVE-2020-6820 Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-6820
CVE-2020-6819 Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-6819
CVE-2020-5867 In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-5867
CVE-2020-1757 A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1757
CVE-2020-11539 An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11539
CVE-2020-10996 An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.42. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-10996
CVE-2020-8895 Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8895
CVE-2020-8835 In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8835
CVE-2020-8474 Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8474
CVE-2020-7490 A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7490
CVE-2020-7350 Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7350
CVE-2020-3194 A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-3194
CVE-2020-1751 An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1751
CVE-2020-12468 Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12468
CVE-2020-12254 Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12254
CVE-2020-11958 re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11958
CVE-2020-11739 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the "critical" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11739
CVE-2020-10913 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OCRAndExportToExcel command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9946. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10913
CVE-2020-10912 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SetFieldValue command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9945. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10912
CVE-2020-10911 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the GetFieldValue command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9944. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10911
CVE-2020-10910 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the RotatePage command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9943. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10910
CVE-2020-10909 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AddWatermark command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9942. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10909
CVE-2020-10908 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Export command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9865. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10908
CVE-2020-10907 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of widgets in XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10650. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10907
CVE-2020-10906 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10614. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10906
CVE-2020-10904 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10464. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10904
CVE-2020-10902 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10462. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10902
CVE-2020-10900 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10142. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10900
CVE-2020-10899 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10132. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10899
CVE-2020-10898 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10195. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10898
CVE-2020-10897 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10193. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10897
CVE-2020-10896 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10192. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10896
CVE-2020-10895 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10191. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10895
CVE-2020-10893 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in a PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10189. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10893
CVE-2020-10891 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Save command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9831. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10891
CVE-2020-10889 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the DuplicatePages command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9828. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10889
CVE-2020-0561 Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-0561
CVE-2020-9757 The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9757
CVE-2020-9481 Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9481
CVE-2020-9280 In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9280
CVE-2020-8867 This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8867
CVE-2020-6828 A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6828
CVE-2020-6821 When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6821
CVE-2020-6080 An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6080
CVE-2020-6079 An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6079
CVE-2020-6078 An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6078
CVE-2020-6077 An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6077
CVE-2020-6073 An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6073
CVE-2020-6071 An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6071
CVE-2020-5891 On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5891
CVE-2020-5571 SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5571
CVE-2020-5567 Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5567
CVE-2020-5260 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5260
CVE-2020-3273 A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS). The vulnerability is due to incomplete input validation of the 802.11 GAS frames that are processed by an affected device. An attacker could exploit this vulnerability by sending a crafted 802.11 GAS frame over the air to an access point (AP), and that frame would then be relayed to the affected WLC. Also, an attacker with Layer 3 connectivity to the WLC could exploit this vulnerability by sending a malicious 802.11 GAS payload in a Control and Provisioning of Wireless Access Points (CAPWAP) packet to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3273
CVE-2020-3262 A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3262
CVE-2020-1967 Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1967
CVE-2020-1881 NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1881
CVE-2020-12478 TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12478
CVE-2020-12273 In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12273
CVE-2020-12128 DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12128
CVE-2020-12120 The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12120
CVE-2020-12070 The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12070
CVE-2020-12066 CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12066
CVE-2020-12059 An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12059
CVE-2020-12051 The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied when simply visiting wiki/Special:CentralAuth in a web browser. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12051
CVE-2020-11940 In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11940
CVE-2020-11828 In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11828
CVE-2020-11826 Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY table in the memono.sqlite database. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11826
CVE-2020-11795 In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11795
CVE-2020-11691 In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11691
CVE-2020-11685 In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11685
CVE-2020-11012 MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11012
CVE-2020-11008 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11008
CVE-2020-11004 SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11004
CVE-2020-10664 The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10664
CVE-2020-10506 The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10506
CVE-2020-5864 In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-5864
CVE-2020-5268 In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is also support in the Saml2 protocol for issuing tokens that is tied to a subject through other means, e.g. holder-of-key where possession of a private key must be proved. The Sustainsys.Saml2 library incorrectly treats all incoming tokens as bearer tokens, even though they have another subject confirmation method specified. This could be used by an attacker that could get access to Saml2 tokens with another subject confirmation method than bearer. The attacker could then use such a token to create a log in session. This vulnerability is patched in versions 1.0.2 and 2.7.0. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-5268
CVE-2020-12473 MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-12473
CVE-2020-12470 MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-12470
CVE-2020-11885 WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-11885
CVE-2020-1806 Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 3 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1804 and CVE-2020-1805. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1806
CVE-2020-1805 Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 2 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1804 and CVE-2020-1806. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1805
CVE-2020-1804 Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 1 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1805 and CVE-2020-1806. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1804
CVE-2020-11668 In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11668
CVE-2020-2732 A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2732
CVE-2020-8797 Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8797
CVE-2020-1845 Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-1845
CVE-2020-8492 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8492
CVE-2020-7134 A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7134
CVE-2020-5279 In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5279
CVE-2020-4267 IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-4267
CVE-2020-3261 A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3261
CVE-2020-3260 A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of client packets that are sent to an affected access point (AP). An attacker could exploit this vulnerability by sending a large number of sustained client packets to the affected AP. A successful exploit could allow the attacker to cause the affected AP to crash, resulting in a DoS condition. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3260
CVE-2020-12467 Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12467
CVE-2020-12270 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12270
CVE-2020-11880 An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11880
CVE-2020-11879 An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11879
CVE-2020-11007 In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11007
CVE-2020-10997 Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10997
CVE-2020-10513 The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10513
CVE-2020-8099 A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17. 6.2 https://nvd.nist.gov/vuln/detail/CVE-2020-8099
CVE-2020-6802 In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-6802
CVE-2020-6579 Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-6579
CVE-2020-5568 Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-5568
CVE-2020-5564 Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-5564
CVE-2020-1943 Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1943
CVE-2020-1760 A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1760
CVE-2020-12245 Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12245
CVE-2020-12137 GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12137
CVE-2020-12132 Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12132
CVE-2020-12054 The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12054
CVE-2020-12052 Grafana version < 6.7.3 is vulnerable for annotation popup XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12052
CVE-2020-11822 In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11822
CVE-2020-10797 An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-10797
CVE-2020-1741 A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-1741
CVE-2020-12105 OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-12105
CVE-2020-11806 In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-11806
CVE-2020-7598 minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. 5.6 https://nvd.nist.gov/vuln/detail/CVE-2020-7598
CVE-2020-8832 The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8832
CVE-2020-8831 Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8831
CVE-2020-5866 In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5866
CVE-2020-1880 Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device abnormal. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1880
CVE-2020-12135 bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12135
CVE-2020-11765 An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11765
CVE-2020-11764 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11764
CVE-2020-11763 An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11763
CVE-2020-11762 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11762
CVE-2020-11761 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11761
CVE-2020-11760 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11760
CVE-2020-11759 An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11759
CVE-2020-11758 An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11758
CVE-2020-11743 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11743
CVE-2020-11742 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11742
CVE-2020-11609 An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11609
CVE-2020-11608 An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11608
CVE-2020-10812 An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10812
CVE-2020-10811 An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10811
CVE-2020-10810 An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10810
CVE-2020-10809 An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10809
CVE-2020-7642 lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-7642
CVE-2020-7132 A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. OA 4.95 (Linux and Windows). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-7132
CVE-2020-5570 Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-5570
CVE-2020-12472 MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-12472
CVE-2020-12261 Open-AudIT 3.3.0 allows an XSS attack after login. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-12261
CVE-2020-10094 A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-10094
CVE-2020-7643 paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-7643
CVE-2020-5563 Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-5563
CVE-2020-12277 GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-12277
CVE-2020-12275 GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-12275
CVE-2020-11891 An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-11891
CVE-2020-11890 An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-11890
CVE-2020-11883 In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-11883
CVE-2020-10942 In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10942
CVE-2020-5562 Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2020-5562
CVE-2020-11415 An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2020-11415
CVE-2020-5865 In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-5865
CVE-2020-5346 RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-5346
CVE-2020-12276 GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12276
CVE-2020-8833 Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8833
CVE-2020-6827 When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-6827
CVE-2020-11494 An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2020-11494
CVE-2020-7066 In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-7066
CVE-2020-5566 Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-5566
CVE-2020-5565 Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-5565
CVE-2020-4329 IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-4329
CVE-2020-2177 Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-2177
CVE-2020-9488 Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2020-9488
CVE-2020-1807 HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E74R3P8) have an improper authorization vulnerability. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series of operation in ADB mode. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1807
CVE-2020-10905 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of vertices in U3D objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10568. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10905
CVE-2020-10903 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in a PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10463. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10903
CVE-2020-10901 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10461. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10901
CVE-2020-10894 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in a PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10190. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10894
CVE-2020-5301 SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6. 3.1 https://nvd.nist.gov/vuln/detail/CVE-2020-5301
CVE-2020-6824 Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability affects Firefox < 75. 2.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6824
CVE-2020-9387 In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on. https://nvd.nist.gov/vuln/detail/CVE-2020-9387
CVE-2020-9098 Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot. https://nvd.nist.gov/vuln/detail/CVE-2020-9098
CVE-2020-8896 A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth Pro 7.3.3. https://nvd.nist.gov/vuln/detail/CVE-2020-8896
CVE-2020-8792 The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid barcode inputs can be easily guessed because barcode strings follow a predictable pattern. Correctly guessed valid barcode inputs entered through the app interface disclose arbitrary users' email addresses and lock names. https://nvd.nist.gov/vuln/detail/CVE-2020-8792
CVE-2020-8791 The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary user IDs. Valid and current user IDs are trivial to guess because of the user ID assignment convention used by the app. A remote attacker could harvest email addresses, unsalted MD5 password hashes, owner-assigned lock names, and owner-assigned fingerprint names for any range of arbitrary user IDs. https://nvd.nist.gov/vuln/detail/CVE-2020-8791
CVE-2020-8790 The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack. https://nvd.nist.gov/vuln/detail/CVE-2020-8790
CVE-2020-8489 Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. https://nvd.nist.gov/vuln/detail/CVE-2020-8489
CVE-2020-8488 Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. https://nvd.nist.gov/vuln/detail/CVE-2020-8488
CVE-2020-8487 Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. https://nvd.nist.gov/vuln/detail/CVE-2020-8487
CVE-2020-8486 Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. https://nvd.nist.gov/vuln/detail/CVE-2020-8486
CVE-2020-8485 Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. https://nvd.nist.gov/vuln/detail/CVE-2020-8485
CVE-2020-8484 Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. https://nvd.nist.gov/vuln/detail/CVE-2020-8484
CVE-2020-8481 For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. https://nvd.nist.gov/vuln/detail/CVE-2020-8481
CVE-2020-8479 For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling. https://nvd.nist.gov/vuln/detail/CVE-2020-8479
CVE-2020-8478 Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder. https://nvd.nist.gov/vuln/detail/CVE-2020-8478
CVE-2020-8476 For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service. https://nvd.nist.gov/vuln/detail/CVE-2020-8476
CVE-2020-8475 For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service. https://nvd.nist.gov/vuln/detail/CVE-2020-8475
CVE-2020-8473 Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications. https://nvd.nist.gov/vuln/detail/CVE-2020-8473
CVE-2020-8472 Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications. https://nvd.nist.gov/vuln/detail/CVE-2020-8472
CVE-2020-8471 For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code. https://nvd.nist.gov/vuln/detail/CVE-2020-8471
CVE-2020-8157 UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). https://nvd.nist.gov/vuln/detail/CVE-2020-8157
CVE-2020-8018 A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions; https://nvd.nist.gov/vuln/detail/CVE-2020-8018
CVE-2020-7804 ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method. https://nvd.nist.gov/vuln/detail/CVE-2020-7804
CVE-2020-7645 All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems. https://nvd.nist.gov/vuln/detail/CVE-2020-7645
CVE-2020-7453 In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory. https://nvd.nist.gov/vuln/detail/CVE-2020-7453
CVE-2020-7452 In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel. https://nvd.nist.gov/vuln/detail/CVE-2020-7452
CVE-2020-7351 An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected. https://nvd.nist.gov/vuln/detail/CVE-2020-7351
CVE-2020-7136 A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP). https://nvd.nist.gov/vuln/detail/CVE-2020-7136
CVE-2020-6867 ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005. https://nvd.nist.gov/vuln/detail/CVE-2020-6867
CVE-2020-6866 A ZTE product is impacted by a resource management error vulnerability. An attacker could exploit this vulnerability to cause a denial of service by issuing a specific command. This affects: ZXCTN 6500 version V2.10.00R3B87. https://nvd.nist.gov/vuln/detail/CVE-2020-6866
CVE-2020-6865 ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20. https://nvd.nist.gov/vuln/detail/CVE-2020-6865
CVE-2020-6010 LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection https://nvd.nist.gov/vuln/detail/CVE-2020-6010
CVE-2020-5893 In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. https://nvd.nist.gov/vuln/detail/CVE-2020-5893
CVE-2020-5892 In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory. https://nvd.nist.gov/vuln/detail/CVE-2020-5892
CVE-2020-5890 On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace. https://nvd.nist.gov/vuln/detail/CVE-2020-5890
CVE-2020-5889 On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client. https://nvd.nist.gov/vuln/detail/CVE-2020-5889
CVE-2020-5888 On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings. https://nvd.nist.gov/vuln/detail/CVE-2020-5888
CVE-2020-5886 On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. https://nvd.nist.gov/vuln/detail/CVE-2020-5886
CVE-2020-5885 On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. https://nvd.nist.gov/vuln/detail/CVE-2020-5885
CVE-2020-5884 On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring. https://nvd.nist.gov/vuln/detail/CVE-2020-5884
CVE-2020-5883 On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak. https://nvd.nist.gov/vuln/detail/CVE-2020-5883
CVE-2020-5882 On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file. https://nvd.nist.gov/vuln/detail/CVE-2020-5882
CVE-2020-5881 On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communication between the mcpd and tmm processes. https://nvd.nist.gov/vuln/detail/CVE-2020-5881
CVE-2020-5880 Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Resulting error messages may also reveal internal paths of the server. https://nvd.nist.gov/vuln/detail/CVE-2020-5880
CVE-2020-5879 On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied. https://nvd.nist.gov/vuln/detail/CVE-2020-5879
CVE-2020-5878 On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Traffic Management Microkernel (TMM) may restart on BIG-IP Virtual Edition (VE) while processing unusual IP traffic. https://nvd.nist.gov/vuln/detail/CVE-2020-5878
CVE-2020-5877 On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2020-5877
CVE-2020-5876 On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up. https://nvd.nist.gov/vuln/detail/CVE-2020-5876
CVE-2020-5875 On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy. https://nvd.nist.gov/vuln/detail/CVE-2020-5875
CVE-2020-5874 On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in certain circumstances, an attacker sending specifically crafted requests to a BIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management Microkernel(TMM). https://nvd.nist.gov/vuln/detail/CVE-2020-5874
CVE-2020-5873 On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request. https://nvd.nist.gov/vuln/detail/CVE-2020-5873
CVE-2020-5872 On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.4.1, when processing TLS traffic with hardware cryptographic acceleration enabled on platforms with Intel QAT hardware, the Traffic Management Microkernel (TMM) may stop responding and cause a failover event. https://nvd.nist.gov/vuln/detail/CVE-2020-5872
CVE-2020-5871 On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane exposure. https://nvd.nist.gov/vuln/detail/CVE-2020-5871
CVE-2020-5727 Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system. https://nvd.nist.gov/vuln/detail/CVE-2020-5727
CVE-2020-5343 Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder. https://nvd.nist.gov/vuln/detail/CVE-2020-5343
CVE-2020-5337 RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. https://nvd.nist.gov/vuln/detail/CVE-2020-5337
CVE-2020-5336 RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected system. https://nvd.nist.gov/vuln/detail/CVE-2020-5336
CVE-2020-5335 RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user. https://nvd.nist.gov/vuln/detail/CVE-2020-5335
CVE-2020-5334 RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. https://nvd.nist.gov/vuln/detail/CVE-2020-5334
CVE-2020-5333 RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information. https://nvd.nist.gov/vuln/detail/CVE-2020-5333
CVE-2020-5332 RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed. https://nvd.nist.gov/vuln/detail/CVE-2020-5332
CVE-2020-5331 RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. https://nvd.nist.gov/vuln/detail/CVE-2020-5331
CVE-2020-4209 IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. https://nvd.nist.gov/vuln/detail/CVE-2020-4209
CVE-2020-3955 ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3. https://nvd.nist.gov/vuln/detail/CVE-2020-3955
CVE-2020-2575 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). https://nvd.nist.gov/vuln/detail/CVE-2020-2575
CVE-2020-1961 Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered. https://nvd.nist.gov/vuln/detail/CVE-2020-1961
CVE-2020-1959 A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code. https://nvd.nist.gov/vuln/detail/CVE-2020-1959
CVE-2020-1817 Huawei PCManager with versions earlier than 10.0.1.36 has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can inject commands to exploit this vulnerability. Successful exploit may cause privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2020-1817
CVE-2020-1752 A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. https://nvd.nist.gov/vuln/detail/CVE-2020-1752
CVE-2020-1732 A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request. https://nvd.nist.gov/vuln/detail/CVE-2020-1732
CVE-2020-1631 A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with 'world' readable permission file or obtain J-Web session tokens. In the case of command injection, as the HTTP service runs as user 'nobody', the impact of this command injection is limited. (CVSS score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) In the case of reading files with 'world' readable permission, in Junos OS 19.3R1 and above, the unauthenticated attacker would be able to read the configuration file. (CVSS score 5.9, vector CVSS:3.1/ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) If J-Web is enabled, the attacker could gain the same level of access of anyone actively logged into J-Web. If an administrator is logged in, the attacker could gain administrator access to J-Web. (CVSS score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled. Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf To summarize: If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. If HTTP/HTTPS services are enabled and J-Web is not in use, this vulnerability has a CVSS score of 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). If J-Web is enabled, this vulnerability has a CVSS score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Juniper SIRT has received a single report of this vulnerability being exploited in the wild. Out of an abundance of caution, we are notifying customers so they can take appropriate actions. Indicators of Compromise: The /var/log/httpd.log may have indicators that commands have injected or files being accessed. The device administrator can look for these indicators by searching for the string patterns "=*;*&" or "*%3b*&" in /var/log/httpd.log, using the following command: user@device> show log httpd.log | match "=*;*&|=*%3b*&" If this command returns any output, it might be an indication of malicious attempts or simply scanning activities. Rotated logs should also be reviewed, using the following command: user@device> show log httpd.log.0.gz | match "=*;*&|=*%3b*&" user@device> show log httpd.log.1.gz | match "=*;*&|=*%3b*&" Note that a skilled attacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been attacked. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D101, 12.3X48-D105; 14.1X53 versions prior to 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D211, 15.1X49-D220; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R3-S2 ; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S5, 19.1R3-S1; 19.1 version 19.1R2 and later versions; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2. https://nvd.nist.gov/vuln/detail/CVE-2020-1631
CVE-2020-12656 gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. https://nvd.nist.gov/vuln/detail/CVE-2020-12656
CVE-2020-12655 An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. https://nvd.nist.gov/vuln/detail/CVE-2020-12655
CVE-2020-12654 An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. https://nvd.nist.gov/vuln/detail/CVE-2020-12654
CVE-2020-12653 An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. https://nvd.nist.gov/vuln/detail/CVE-2020-12653
CVE-2020-12652 The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power." https://nvd.nist.gov/vuln/detail/CVE-2020-12652
CVE-2020-12649 Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. https://nvd.nist.gov/vuln/detail/CVE-2020-12649
CVE-2020-12642 An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import. https://nvd.nist.gov/vuln/detail/CVE-2020-12642
CVE-2020-12641 rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. https://nvd.nist.gov/vuln/detail/CVE-2020-12641
CVE-2020-12640 Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. https://nvd.nist.gov/vuln/detail/CVE-2020-12640
CVE-2020-12639 phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. https://nvd.nist.gov/vuln/detail/CVE-2020-12639
CVE-2020-12629 include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. https://nvd.nist.gov/vuln/detail/CVE-2020-12629
CVE-2020-12627 Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. https://nvd.nist.gov/vuln/detail/CVE-2020-12627
CVE-2020-12626 An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. https://nvd.nist.gov/vuln/detail/CVE-2020-12626
CVE-2020-12625 An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. https://nvd.nist.gov/vuln/detail/CVE-2020-12625
CVE-2020-12624 The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions. https://nvd.nist.gov/vuln/detail/CVE-2020-12624
CVE-2020-12477 The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. https://nvd.nist.gov/vuln/detail/CVE-2020-12477
CVE-2020-12475 TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. https://nvd.nist.gov/vuln/detail/CVE-2020-12475
CVE-2020-12474 Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL. https://nvd.nist.gov/vuln/detail/CVE-2020-12474
CVE-2020-12469 admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. https://nvd.nist.gov/vuln/detail/CVE-2020-12469
CVE-2020-12465 An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. https://nvd.nist.gov/vuln/detail/CVE-2020-12465
CVE-2020-12464 usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. https://nvd.nist.gov/vuln/detail/CVE-2020-12464
CVE-2020-12462 The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. https://nvd.nist.gov/vuln/detail/CVE-2020-12462
CVE-2020-12461 PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query. https://nvd.nist.gov/vuln/detail/CVE-2020-12461
CVE-2020-12459 In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable. https://nvd.nist.gov/vuln/detail/CVE-2020-12459
CVE-2020-12458 An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords). https://nvd.nist.gov/vuln/detail/CVE-2020-12458
CVE-2020-12447 A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow. https://nvd.nist.gov/vuln/detail/CVE-2020-12447
CVE-2020-12446 The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\\SYSTEM. https://nvd.nist.gov/vuln/detail/CVE-2020-12446
CVE-2020-12443 BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is case-insensitive. https://nvd.nist.gov/vuln/detail/CVE-2020-12443
CVE-2020-12438 An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags. https://nvd.nist.gov/vuln/detail/CVE-2020-12438
CVE-2020-12283 Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. https://nvd.nist.gov/vuln/detail/CVE-2020-12283
CVE-2020-12252 An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-12252
CVE-2020-12251 An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine. https://nvd.nist.gov/vuln/detail/CVE-2020-12251
CVE-2020-12246 Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-12246
CVE-2020-12117 Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect. https://nvd.nist.gov/vuln/detail/CVE-2020-12117
CVE-2020-12114 A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. https://nvd.nist.gov/vuln/detail/CVE-2020-12114
CVE-2020-12111 Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304. https://nvd.nist.gov/vuln/detail/CVE-2020-12111
CVE-2020-12110 Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. https://nvd.nist.gov/vuln/detail/CVE-2020-12110
CVE-2020-12109 Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. https://nvd.nist.gov/vuln/detail/CVE-2020-12109
CVE-2020-12103 In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored. https://nvd.nist.gov/vuln/detail/CVE-2020-12103
CVE-2020-12102 In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope). https://nvd.nist.gov/vuln/detail/CVE-2020-12102
CVE-2020-12101 The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address. https://nvd.nist.gov/vuln/detail/CVE-2020-12101
CVE-2020-12050 SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library. https://nvd.nist.gov/vuln/detail/CVE-2020-12050
CVE-2020-11943 An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload. https://nvd.nist.gov/vuln/detail/CVE-2020-11943
CVE-2020-11942 An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections. https://nvd.nist.gov/vuln/detail/CVE-2020-11942
CVE-2020-11884 In the Linux kernel through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. https://nvd.nist.gov/vuln/detail/CVE-2020-11884
CVE-2020-11842 Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows an unauthenticated attackers to view information they may not have been authorized to view. https://nvd.nist.gov/vuln/detail/CVE-2020-11842
CVE-2020-11671 Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default. https://nvd.nist.gov/vuln/detail/CVE-2020-11671
CVE-2020-11652 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. https://nvd.nist.gov/vuln/detail/CVE-2020-11652
CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions. https://nvd.nist.gov/vuln/detail/CVE-2020-11651
CVE-2020-11462 An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2 interface. The duration of the DoS state depends on available memory and CPU speed. The default restricted mode of the RPC2 interface is NOT vulnerable. https://nvd.nist.gov/vuln/detail/CVE-2020-11462
CVE-2020-11446 ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2020-11446
CVE-2020-11443 The MSI installer in Zoom before 4.6.10 on Windows follows Symbolic Links. https://nvd.nist.gov/vuln/detail/CVE-2020-11443
CVE-2020-11037 In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is understood to be feasible on a local network, but not on the public internet. Privacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability. This has been patched in 2.7.3, 2.8.2, 2.9. https://nvd.nist.gov/vuln/detail/CVE-2020-11037
CVE-2020-11030 In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). https://nvd.nist.gov/vuln/detail/CVE-2020-11030
CVE-2020-11029 In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). https://nvd.nist.gov/vuln/detail/CVE-2020-11029
CVE-2020-11028 In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). https://nvd.nist.gov/vuln/detail/CVE-2020-11028
CVE-2020-11027 In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). https://nvd.nist.gov/vuln/detail/CVE-2020-11027
CVE-2020-11026 In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). https://nvd.nist.gov/vuln/detail/CVE-2020-11026
CVE-2020-11025 In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). https://nvd.nist.gov/vuln/detail/CVE-2020-11025
CVE-2020-11024 In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS. https://nvd.nist.gov/vuln/detail/CVE-2020-11024
CVE-2020-11023 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. https://nvd.nist.gov/vuln/detail/CVE-2020-11023
CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. https://nvd.nist.gov/vuln/detail/CVE-2020-11022
CVE-2020-11021 Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request leads to a redirect (302) and 3. the redirect url redirects to another domain or hostname Then the authorization header will get passed to the other domain. The problem is fixed in version 1.0.8. https://nvd.nist.gov/vuln/detail/CVE-2020-11021
CVE-2020-11020 Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5. https://nvd.nist.gov/vuln/detail/CVE-2020-11020
CVE-2020-11016 IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver. Version 2.1.1 fixes the vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2020-11016
CVE-2020-11015 A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0.\nDevice MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC\naddress may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies\nto all (mostly ESP8266/ESP32) users.\n\nThis has been fixed in firmware version 2.5.0. https://nvd.nist.gov/vuln/detail/CVE-2020-11015
CVE-2020-11009 In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is tightly restricted and all users on the system have access to all projects, this is not really much of an issue. If access is wider and allows login for users that do not have access to any projects, or project access is restricted, there is a larger issue. If access is meant to be restricted and secrets, sensitive data, or intellectual property are exposed in Rundeck execution output and job data, the risk becomes much higher. This vulnerability is patched in version 3.2.6 https://nvd.nist.gov/vuln/detail/CVE-2020-11009
CVE-2020-10933 An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. https://nvd.nist.gov/vuln/detail/CVE-2020-10933
CVE-2020-10876 The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account. https://nvd.nist.gov/vuln/detail/CVE-2020-10876
CVE-2020-10717 A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. https://nvd.nist.gov/vuln/detail/CVE-2020-10717
CVE-2020-10700 A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. https://nvd.nist.gov/vuln/detail/CVE-2020-10700
CVE-2020-10691 An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system. https://nvd.nist.gov/vuln/detail/CVE-2020-10691
CVE-2020-10686 A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users. https://nvd.nist.gov/vuln/detail/CVE-2020-10686
CVE-2020-10683 dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. https://nvd.nist.gov/vuln/detail/CVE-2020-10683
CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. https://nvd.nist.gov/vuln/detail/CVE-2020-10663
CVE-2020-10622 LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users https://nvd.nist.gov/vuln/detail/CVE-2020-10622
CVE-2020-10618 LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. https://nvd.nist.gov/vuln/detail/CVE-2020-10618
CVE-2020-10187 Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled. https://nvd.nist.gov/vuln/detail/CVE-2020-10187