Security Bulletin 2 Sep 2020

Published on 02 Sep 2020

Updated on 02 Sep 2020

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Criticalvulnerabilities with a base score of 9.0 to 10.0
Highvulnerabilities with a base score of 7.0 to 8.9
Mediumvulnerabilities with a base score of 4.0 to 6.9
Lowvulnerabilities with a base score of 0.1 to 3.9
Nonevulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2020-24186A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.10https://nvd.nist.gov/vuln/detail/CVE-2020-24186
CVE-2020-14498HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.10https://nvd.nist.gov/vuln/detail/CVE-2020-14498
CVE-2020-15149NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event due via an account takeover. As a workaround you may cherry-pick the following commit from the project's repository to your running instance of NodeBB: 16cee1b03ba3eee177834a1fdac4aa8a12b39d2a. This is fixed in version 1.14.3.9.9https://nvd.nist.gov/vuln/detail/CVE-2020-15149
CVE-2020-9548FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).9.8https://nvd.nist.gov/vuln/detail/CVE-2020-9548
CVE-2020-9547FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).9.8https://nvd.nist.gov/vuln/detail/CVE-2020-9547
CVE-2020-9546FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).9.8https://nvd.nist.gov/vuln/detail/CVE-2020-9546
CVE-2020-8840FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-8840
CVE-2020-8234A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-8234
CVE-2020-7710This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7710
CVE-2020-7706The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7706
CVE-2020-7701madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7701
CVE-2020-5624SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-5624
CVE-2020-24616FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).9.8https://nvd.nist.gov/vuln/detail/CVE-2020-24616
CVE-2020-24202File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-24202
CVE-2020-24055Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-24055
CVE-2020-24054The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as '${IFS}'. As a result, an attacker can execute arbitrary commands as 'root' on the units.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-24054
CVE-2020-24051The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-24051
CVE-2020-24032tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-24032
CVE-2020-2397913enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-23979
CVE-2020-23978SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"9.8https://nvd.nist.gov/vuln/detail/CVE-2020-23978
CVE-2020-23976Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-23976
CVE-2020-23936PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".9.8https://nvd.nist.gov/vuln/detail/CVE-2020-23936
CVE-2020-23935Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".9.8https://nvd.nist.gov/vuln/detail/CVE-2020-23935
CVE-2020-1938When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-1938
CVE-2020-17456SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-17456
CVE-2020-17368Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-17368
CVE-2020-17353scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-17353
CVE-2020-16279The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to Remote Code Execution due to untrusted user supplied input being passed to the command line without sanitization.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-16279
CVE-2020-16251HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-16251
CVE-2020-16245Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-16245
CVE-2020-15920There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-15920
CVE-2020-15917common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-15917
CVE-2020-15900A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-15900
CVE-2020-14524Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-14524
CVE-2020-11984Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE9.8https://nvd.nist.gov/vuln/detail/CVE-2020-11984
CVE-2020-11620FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).9.8https://nvd.nist.gov/vuln/detail/CVE-2020-11620
CVE-2020-11619FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).9.8https://nvd.nist.gov/vuln/detail/CVE-2020-11619
CVE-2020-10283The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-10283
CVE-2020-15140In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11.9.6https://nvd.nist.gov/vuln/detail/CVE-2020-15140
CVE-2020-24590The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.9.1https://nvd.nist.gov/vuln/detail/CVE-2020-24590
CVE-2020-24589The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.9.1https://nvd.nist.gov/vuln/detail/CVE-2020-24589
CVE-2020-24052Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request.9.1https://nvd.nist.gov/vuln/detail/CVE-2020-24052

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2020-8913A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-8913
CVE-2020-7018Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-7018
CVE-2020-5417Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-5417
CVE-2020-24364MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-24364
CVE-2020-24057The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-24057
CVE-2020-23934An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-23934
CVE-2020-19889DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-19889
CVE-2020-17400This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11304.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-17400
CVE-2020-17399This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11303.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-17399
CVE-2020-17396This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11217.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-17396
CVE-2020-17392This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hypervisor kext. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10519.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-17392
CVE-2020-17389This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10502.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-17389
CVE-2020-17388This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat configuration file. The issue results from the lack of proper restriction to the Tomcat admin console. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10799.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-17388
CVE-2020-17387This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10565.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-17387
CVE-2020-15645This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10553.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-15645
CVE-2020-15644This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the setAppFileBytes method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10550.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-15644
CVE-2020-15643This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10549.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-15643
CVE-2020-15642This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the isHPSmartComponent method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10501.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-15642
CVE-2020-15146In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-15146
CVE-2020-15143In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-15143
CVE-2020-15070Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-15070
CVE-2020-14349It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-14349
CVE-2020-10289Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-10289
CVE-2020-15147Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue.8.5https://nvd.nist.gov/vuln/detail/CVE-2020-15147
CVE-2020-14583Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).8.3https://nvd.nist.gov/vuln/detail/CVE-2020-14583
CVE-2020-13398An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.8.3https://nvd.nist.gov/vuln/detail/CVE-2020-13398
CVE-2020-17397This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of network packets. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11253.8.2https://nvd.nist.gov/vuln/detail/CVE-2020-17397
CVE-2020-17395This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the prl_naptd process. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11134.8.2https://nvd.nist.gov/vuln/detail/CVE-2020-17395
CVE-2020-10713A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.8.2https://nvd.nist.gov/vuln/detail/CVE-2020-10713
CVE-2020-3519A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-3519
CVE-2020-15151OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.8https://nvd.nist.gov/vuln/detail/CVE-2020-15151
CVE-2020-15863hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.7.9https://nvd.nist.gov/vuln/detail/CVE-2020-15863
CVE-2020-8026A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-8026
CVE-2020-5385Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-5385
CVE-2020-4587IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-4587
CVE-2020-24574The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24574
CVE-2020-24394In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24394
CVE-2020-17367Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-17367
CVE-2020-16303A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-16303
CVE-2020-16281The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-16281
CVE-2020-15865A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-15865
CVE-2020-15862Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-15862
CVE-2020-15861Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-15861
CVE-2020-15482An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-15482
CVE-2020-1457A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1425.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-1457
CVE-2020-1082An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1088.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-1082
CVE-2020-10699A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-10699
CVE-2020-14147An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.7.7https://nvd.nist.gov/vuln/detail/CVE-2020-14147
CVE-2020-9063NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host.7.6https://nvd.nist.gov/vuln/detail/CVE-2020-9063
CVE-2020-10126NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive.7.6https://nvd.nist.gov/vuln/detail/CVE-2020-10126
CVE-2020-10125NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.7.6https://nvd.nist.gov/vuln/detail/CVE-2020-10125
CVE-2020-9490Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-9490
CVE-2020-9298The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-9298
CVE-2020-8623In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8623
CVE-2020-8621In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8621
CVE-2020-8620In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8620
CVE-2020-7711This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-7711
CVE-2020-5925In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed internally generated UDP traffic may cause the Traffic Management Microkernel (TMM) to restart under some circumstances.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-5925
CVE-2020-5914In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed server cookie scenario may cause BD to restart under some circumstances.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-5914
CVE-2020-4559IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-4559
CVE-2020-4174IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-4174
CVE-2020-4169IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-4169
CVE-2020-24571NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-24571
CVE-2020-24368Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-24368
CVE-2020-24359HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-24359
CVE-2020-24312mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-24312
CVE-2020-24056A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-24056
CVE-2020-24053Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-24053
CVE-2020-17385Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-17385
CVE-2020-16845Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-16845
CVE-2020-15641This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10499.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-15641
CVE-2020-15640This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10497.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-15640
CVE-2020-15484An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-15484
CVE-2020-15476In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-15476
CVE-2020-15138Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-15138
CVE-2020-14522Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14522
CVE-2020-14512GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14512
CVE-2020-14400** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14400
CVE-2020-14399** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed."7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14399
CVE-2020-14397An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14397
CVE-2020-14303A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14303
CVE-2020-14215Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14215
CVE-2020-13933Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13933
CVE-2020-13410An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13410
CVE-2020-12674In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-12674
CVE-2020-12673In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-12673
CVE-2020-12457An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-12457
CVE-2020-11993Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-11993
CVE-2020-11724An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-11724
CVE-2020-14593Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).7.4https://nvd.nist.gov/vuln/detail/CVE-2020-14593
CVE-2020-11061In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.7.4https://nvd.nist.gov/vuln/detail/CVE-2020-11061
CVE-2020-14350It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.7.3https://nvd.nist.gov/vuln/detail/CVE-2020-14350
CVE-2020-4603IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-4603
CVE-2020-17384Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-17384
CVE-2020-5912In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-5912
CVE-2020-5774Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-5774
CVE-2020-13396An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-13396
CVE-2020-10124NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-10124
CVE-2020-15309An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).7https://nvd.nist.gov/vuln/detail/CVE-2020-15309
CVE-2020-7310Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file.6.9https://nvd.nist.gov/vuln/detail/CVE-2020-7310
CVE-2020-8227Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.6.8https://nvd.nist.gov/vuln/detail/CVE-2020-8227
CVE-2020-15483An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access.6.8https://nvd.nist.gov/vuln/detail/CVE-2020-15483
CVE-2020-10290Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could 'cook' a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system6.8https://nvd.nist.gov/vuln/detail/CVE-2020-10290
CVE-2020-14344An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.6.7https://nvd.nist.gov/vuln/detail/CVE-2020-14344
CVE-2020-13754hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.6.7https://nvd.nist.gov/vuln/detail/CVE-2020-13754
CVE-2020-11523libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.6.6https://nvd.nist.gov/vuln/detail/CVE-2020-11523
CVE-2020-11521libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.6.6https://nvd.nist.gov/vuln/detail/CVE-2020-11521
CVE-2020-9415The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-9415
CVE-2020-9246FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-9246
CVE-2020-8622In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-8622
CVE-2020-7923A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-7923
CVE-2020-7824A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modification the cookie value to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-7824
CVE-2020-7019In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-7019
CVE-2020-5416Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-5416
CVE-2020-4383IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. IBM X-Force ID: 179165.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-4383
CVE-2020-4167IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authenciation mechanisms. IBM X-Force ID: 174403.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-4167
CVE-2020-3521A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker with a low-privileged account could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to read arbitrary files on the affected system.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-3521
CVE-2020-24591The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-24591
CVE-2020-23574When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfile_name1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-23574
CVE-2020-17498In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-17498
CVE-2020-17402This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log file, an attacker can disclose a memory address. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11063.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-17402
CVE-2020-17398This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-11302.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-17398
CVE-2020-17393This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result a pointer to be leaked after the handler is done. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10520.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-17393
CVE-2020-17391This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. The issue results from the exposure of dangerous method or function to the unprivileged user. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10518.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-17391
CVE-2020-17386Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-17386
CVE-2020-14405An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-14405
CVE-2020-14401An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-14401
CVE-2020-14201Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-14201
CVE-2020-12803ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-12803
CVE-2020-11522libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-11522
CVE-2020-10756An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-10756
CVE-2020-15705GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.6.4https://nvd.nist.gov/vuln/detail/CVE-2020-15705
CVE-2020-3522A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the affected software allows users to access resources that are intended for administrators only. An attacker could exploit this vulnerability by submitting a crafted URL to an affected device. A successful exploit could allow the attacker to add, delete, and edit certain network configurations in the same manner as a user with administrative privileges.6.3https://nvd.nist.gov/vuln/detail/CVE-2020-3522
CVE-2020-1945Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.6.3https://nvd.nist.gov/vuln/detail/CVE-2020-1945
CVE-2020-10780Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities.6.3https://nvd.nist.gov/vuln/detail/CVE-2020-10780
CVE-2020-5915In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-5915
CVE-2020-5625Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-5625
CVE-2020-5541Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-5541
CVE-2020-5540Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-5540
CVE-2020-4598IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-4598
CVE-2020-4575IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-4575
CVE-2020-24609TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5 has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-24609
CVE-2020-24599An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-24599
CVE-2020-24598An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-24598
CVE-2020-24223Mara CMS 7.5 allows contact.php?theme= XSS.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-24223
CVE-2020-24104XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-24104
CVE-2020-2398113enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-23981
CVE-2020-23975Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-23975
CVE-2020-20628controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-20628
CVE-2020-1927In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-1927
CVE-2020-15499An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-15499
CVE-2020-14333A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other confidential information, or impersonate them within the application's context.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-14333
CVE-2020-14042** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."6.1https://nvd.nist.gov/vuln/detail/CVE-2020-14042
CVE-2020-13827phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-13827
CVE-2020-12759Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-12759
CVE-2020-17401This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11363.6https://nvd.nist.gov/vuln/detail/CVE-2020-17401
CVE-2020-17394This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the OEMNet component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11132.6https://nvd.nist.gov/vuln/detail/CVE-2020-17394
CVE-2020-13800ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.6https://nvd.nist.gov/vuln/detail/CVE-2020-13800
CVE-2020-13401An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.6https://nvd.nist.gov/vuln/detail/CVE-2020-13401
CVE-2020-12619MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.5.9https://nvd.nist.gov/vuln/detail/CVE-2020-12619
CVE-2020-11042In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.5.9https://nvd.nist.gov/vuln/detail/CVE-2020-11042
CVE-2020-5775Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.5.8https://nvd.nist.gov/vuln/detail/CVE-2020-5775
CVE-2020-13765rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.5.6https://nvd.nist.gov/vuln/detail/CVE-2020-13765
CVE-2020-4492IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-4492
CVE-2020-4382IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-4382
CVE-2020-3520A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any privilege level could exploit this vulnerability by accessing local filesystems and extracting sensitive information from them. A successful exploit could allow the attacker to view sensitive data, which they could use to elevate their privilege.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-3520
CVE-2020-17538A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-17538
CVE-2020-16310A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16310
CVE-2020-16309A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16309
CVE-2020-16308A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16308
CVE-2020-16307A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16307
CVE-2020-16306A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16306
CVE-2020-16305A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16305
CVE-2020-16304A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16304
CVE-2020-16302A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16302
CVE-2020-16301A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16301
CVE-2020-16300A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16300
CVE-2020-16299A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16299
CVE-2020-16298A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16298
CVE-2020-16297A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16297
CVE-2020-16296A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16296
CVE-2020-16295A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16295
CVE-2020-16294A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16294
CVE-2020-16293A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16293
CVE-2020-16292A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16292
CVE-2020-16291A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16291
CVE-2020-16290A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16290
CVE-2020-16289A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16289
CVE-2020-16288A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16288
CVE-2020-16287A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16287
CVE-2020-16280Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating system.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16280
CVE-2020-15393In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-15393
CVE-2020-15306An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-15306
CVE-2020-15305An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-15305
CVE-2020-14347A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-14347
CVE-2020-14150GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-14150
CVE-2020-13867Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).5.5https://nvd.nist.gov/vuln/detail/CVE-2020-13867
CVE-2020-13397An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-13397
CVE-2020-13253sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-13253
CVE-2020-12771An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-12771
CVE-2020-12655An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-12655
CVE-2020-11765An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-11765
CVE-2020-11764An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-11764
CVE-2020-11763An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-11763
CVE-2020-11762An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-11762
CVE-2020-11761An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-11761
CVE-2020-11760An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-11760
CVE-2020-11759An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-11759
CVE-2020-11758An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-11758
CVE-2020-8189A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-8189
CVE-2020-5619Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-5619
CVE-2020-3975VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-3975
CVE-2020-3523A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-3523
CVE-2020-3518A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-3518
CVE-2020-23660webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."5.4https://nvd.nist.gov/vuln/detail/CVE-2020-23660
CVE-2020-23659WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-23659
CVE-2020-23657NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."5.4https://nvd.nist.gov/vuln/detail/CVE-2020-23657
CVE-2020-23656NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."5.4https://nvd.nist.gov/vuln/detail/CVE-2020-23656
CVE-2020-23655NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."5.4https://nvd.nist.gov/vuln/detail/CVE-2020-23655
CVE-2020-23654NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."5.4https://nvd.nist.gov/vuln/detail/CVE-2020-23654
CVE-2020-20633ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-20633
CVE-2020-19007Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-19007
CVE-2020-16193osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-16193
CVE-2020-16157A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-16157
CVE-2020-14729Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service. Supported versions that are affected are prior to 2020.1.4. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N).5.4https://nvd.nist.gov/vuln/detail/CVE-2020-14729
CVE-2020-14728Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Supported versions that are affected are Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in NetSuite SCA, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).5.4https://nvd.nist.gov/vuln/detail/CVE-2020-14728
CVE-2020-14404An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-14404
CVE-2020-14403An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-14403
CVE-2020-14402An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-14402
CVE-2020-14194Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-14194
CVE-2020-9062Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-9062
CVE-2020-5924In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-5924
CVE-2020-4172IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-4172
CVE-2020-4166IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-4166
CVE-2020-3976VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-3976
CVE-2020-24585An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-24585
CVE-2020-24381** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9.2 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings. NOTE: this is disputed because it only affects misconfigured installations.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-24381
CVE-2020-24370ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).5.3https://nvd.nist.gov/vuln/detail/CVE-2020-24370
CVE-2020-1934In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-1934
CVE-2020-17507An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-17507
CVE-2020-14621Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).5.3https://nvd.nist.gov/vuln/detail/CVE-2020-14621
CVE-2020-14562Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).5.3https://nvd.nist.gov/vuln/detail/CVE-2020-14562
CVE-2020-14518Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-14518
CVE-2020-12802LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-12802
CVE-2020-11985IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-11985
CVE-2020-10123The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-10123
CVE-2020-10761An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.5https://nvd.nist.gov/vuln/detail/CVE-2020-10761
CVE-2020-8619In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.4.9https://nvd.nist.gov/vuln/detail/CVE-2020-8619
CVE-2020-24622In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.4.9https://nvd.nist.gov/vuln/detail/CVE-2020-24622
CVE-2020-16239Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.4.9https://nvd.nist.gov/vuln/detail/CVE-2020-16239
CVE-2020-5346RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.4.8https://nvd.nist.gov/vuln/detail/CVE-2020-5346
CVE-2020-5340RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.4.8https://nvd.nist.gov/vuln/detail/CVE-2020-5340
CVE-2020-5339RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.4.8https://nvd.nist.gov/vuln/detail/CVE-2020-5339
CVE-2020-3439A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.4.8https://nvd.nist.gov/vuln/detail/CVE-2020-3439
CVE-2020-14556Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).4.8https://nvd.nist.gov/vuln/detail/CVE-2020-14556
CVE-2020-12618eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.4.8https://nvd.nist.gov/vuln/detail/CVE-2020-12618
CVE-2020-10951Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.4.7https://nvd.nist.gov/vuln/detail/CVE-2020-10951
CVE-2020-4593IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747.4.4https://nvd.nist.gov/vuln/detail/CVE-2020-4593
CVE-2020-8624In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-8624
CVE-2020-4171IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-4171
CVE-2020-4170IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174406.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-4170
CVE-2020-16197An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-16197
CVE-2020-13361In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.3.9https://nvd.nist.gov/vuln/detail/CVE-2020-13361
CVE-2020-16092In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.3.8https://nvd.nist.gov/vuln/detail/CVE-2020-16092
CVE-2020-14579Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).3.7https://nvd.nist.gov/vuln/detail/CVE-2020-14579
CVE-2020-14578Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).3.7https://nvd.nist.gov/vuln/detail/CVE-2020-14578
CVE-2020-14573Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2020-14573
CVE-2020-11045In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.3.3https://nvd.nist.gov/vuln/detail/CVE-2020-11045
CVE-2020-13362In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.3.2https://nvd.nist.gov/vuln/detail/CVE-2020-13362
CVE-2020-13659address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.2.5https://nvd.nist.gov/vuln/detail/CVE-2020-13659
CVE-2020-11526libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.2.2https://nvd.nist.gov/vuln/detail/CVE-2020-11526
CVE-2020-11525libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.2.2https://nvd.nist.gov/vuln/detail/CVE-2020-11525
CVE-2020-11058In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.2.2https://nvd.nist.gov/vuln/detail/CVE-2020-11058
CVE-2020-11048In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.2.2https://nvd.nist.gov/vuln/detail/CVE-2020-11048
CVE-2020-11046In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.2.2https://nvd.nist.gov/vuln/detail/CVE-2020-11046
CVE-2020-16241Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.2.1https://nvd.nist.gov/vuln/detail/CVE-2020-16241
CVE-2020-16237Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.2.1https://nvd.nist.gov/vuln/detail/CVE-2020-16237
CVE-2020-8602A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.https://nvd.nist.gov/vuln/detail/CVE-2020-8602
CVE-2020-8244A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and <2.2.1 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.https://nvd.nist.gov/vuln/detail/CVE-2020-8244
CVE-2020-8097An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261.https://nvd.nist.gov/vuln/detail/CVE-2020-8097
CVE-2020-7712This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.https://nvd.nist.gov/vuln/detail/CVE-2020-7712
CVE-2020-7527Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.https://nvd.nist.gov/vuln/detail/CVE-2020-7527
CVE-2020-7526Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event.https://nvd.nist.gov/vuln/detail/CVE-2020-7526
CVE-2020-7525Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used.https://nvd.nist.gov/vuln/detail/CVE-2020-7525
CVE-2020-7524Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.https://nvd.nist.gov/vuln/detail/CVE-2020-7524
CVE-2020-7523Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.https://nvd.nist.gov/vuln/detail/CVE-2020-7523
CVE-2020-7522Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories.https://nvd.nist.gov/vuln/detail/CVE-2020-7522
CVE-2020-7521Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories.https://nvd.nist.gov/vuln/detail/CVE-2020-7521
CVE-2020-7309Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.https://nvd.nist.gov/vuln/detail/CVE-2020-7309
CVE-2020-5928In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times.https://nvd.nist.gov/vuln/detail/CVE-2020-5928
CVE-2020-5927In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting.https://nvd.nist.gov/vuln/detail/CVE-2020-5927
CVE-2020-5926In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache.https://nvd.nist.gov/vuln/detail/CVE-2020-5926
CVE-2020-5923In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses.https://nvd.nist.gov/vuln/detail/CVE-2020-5923
CVE-2020-5922In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser.https://nvd.nist.gov/vuln/detail/CVE-2020-5922
CVE-2020-5921in BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, Syn flood causes large number of MCPD context messages destined to secondary blades consuming memory leading to MCPD failure. This issue affects only VIPRION hosts with two or more blades installed. Single-blade VIPRION hosts are not affected.https://nvd.nist.gov/vuln/detail/CVE-2020-5921
CVE-2020-5920In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack.https://nvd.nist.gov/vuln/detail/CVE-2020-5920
CVE-2020-5919In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel (TMM) to stop responding.https://nvd.nist.gov/vuln/detail/CVE-2020-5919
CVE-2020-5918In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile.https://nvd.nist.gov/vuln/detail/CVE-2020-5918
CVE-2020-5917In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.https://nvd.nist.gov/vuln/detail/CVE-2020-5917
CVE-2020-5916In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.https://nvd.nist.gov/vuln/detail/CVE-2020-5916
CVE-2020-5913In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts server-side connections and may result in a man-in-the-middle attack on the connections.https://nvd.nist.gov/vuln/detail/CVE-2020-5913
CVE-2020-5623NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.https://nvd.nist.gov/vuln/detail/CVE-2020-5623
CVE-2020-5621Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2020-5621
CVE-2020-5419RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2020-5419
CVE-2020-5383Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.https://nvd.nist.gov/vuln/detail/CVE-2020-5383
CVE-2020-4591IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.https://nvd.nist.gov/vuln/detail/CVE-2020-4591
CVE-2020-4175IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684.https://nvd.nist.gov/vuln/detail/CVE-2020-4175
CVE-2020-3566A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2020-3566
CVE-2020-3517A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition.https://nvd.nist.gov/vuln/detail/CVE-2020-3517
CVE-2020-3507Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).https://nvd.nist.gov/vuln/detail/CVE-2020-3507
CVE-2020-3506Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).https://nvd.nist.gov/vuln/detail/CVE-2020-3506
CVE-2020-3505A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).https://nvd.nist.gov/vuln/detail/CVE-2020-3505
CVE-2020-3504A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.https://nvd.nist.gov/vuln/detail/CVE-2020-3504
CVE-2020-3496A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.https://nvd.nist.gov/vuln/detail/CVE-2020-3496
CVE-2020-3491A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected device.https://nvd.nist.gov/vuln/detail/CVE-2020-3491
CVE-2020-3490A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to read files on the underlying operating system with root privileges. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected system.https://nvd.nist.gov/vuln/detail/CVE-2020-3490
CVE-2020-3485A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because the web management software does not properly handle RBAC. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to view and delete certain screen content on the system that the attacker would not normally have privileges to access.https://nvd.nist.gov/vuln/detail/CVE-2020-3485
CVE-2020-3484A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to view potentially sensitive information on the affected device.https://nvd.nist.gov/vuln/detail/CVE-2020-3484
CVE-2020-3466Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.https://nvd.nist.gov/vuln/detail/CVE-2020-3466
CVE-2020-3454A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. An attacker could exploit this vulnerability by modifying parameters within the Call Home configuration on an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying OS.https://nvd.nist.gov/vuln/detail/CVE-2020-3454
CVE-2020-3446A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges.https://nvd.nist.gov/vuln/detail/CVE-2020-3446
CVE-2020-3443A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device.https://nvd.nist.gov/vuln/detail/CVE-2020-3443
CVE-2020-3440A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files.https://nvd.nist.gov/vuln/detail/CVE-2020-3440
CVE-2020-3415A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device.https://nvd.nist.gov/vuln/detail/CVE-2020-3415
CVE-2020-3398A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system.https://nvd.nist.gov/vuln/detail/CVE-2020-3398
CVE-2020-3397A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system.https://nvd.nist.gov/vuln/detail/CVE-2020-3397
CVE-2020-3394A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default.https://nvd.nist.gov/vuln/detail/CVE-2020-3394
CVE-2020-3389A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device.https://nvd.nist.gov/vuln/detail/CVE-2020-3389
CVE-2020-3338A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error handling when processing inbound PIM6 packets. An attacker could exploit this vulnerability by sending multiple crafted PIM6 packets to an affected device. A successful exploit could allow the attacker to cause the PIM6 application to leak system memory. Over time, this memory leak could cause the PIM6 application to stop processing legitimate PIM6 traffic, leading to a DoS condition on the affected device.https://nvd.nist.gov/vuln/detail/CVE-2020-3338
CVE-2020-3152A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials.https://nvd.nist.gov/vuln/detail/CVE-2020-3152
CVE-2020-3151A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to escape the restricted shell and execute a set of normally unauthorized commands with the privileges of a non-root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials.https://nvd.nist.gov/vuln/detail/CVE-2020-3151
CVE-2020-25067NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker.https://nvd.nist.gov/vuln/detail/CVE-2020-25067
CVE-2020-25065An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25065
CVE-2020-25064An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25064
CVE-2020-25063An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25063
CVE-2020-25062An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25062
CVE-2020-25061An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25061
CVE-2020-25060An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Local users can gain privileges because of LAF and SBL1 flaws. The LG ID is LVE-SMP-200015 (July 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25060
CVE-2020-25059An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25059
CVE-2020-25058An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25058
CVE-2020-25057An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not properly restrict APK installations. The LG ID is LVE-SMP-200011 (July 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25057
CVE-2020-25056An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-2020-16169 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25056
CVE-2020-25055An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25055
CVE-2020-25054An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25054
CVE-2020-25053An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25053
CVE-2020-25052An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25052
CVE-2020-25051An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25051
CVE-2020-25050An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25050
CVE-2020-25049An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25049
CVE-2020-25048An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25048
CVE-2020-25047An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a locked application. The Samsung IDs are SVE-2020-16746, SVE-2020-16764 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25047
CVE-2020-25046An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020).https://nvd.nist.gov/vuln/detail/CVE-2020-25046
CVE-2020-25033The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS.https://nvd.nist.gov/vuln/detail/CVE-2020-25033
CVE-2020-25032An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.https://nvd.nist.gov/vuln/detail/CVE-2020-25032
CVE-2020-25031checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file.https://nvd.nist.gov/vuln/detail/CVE-2020-25031
CVE-2020-25020MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.https://nvd.nist.gov/vuln/detail/CVE-2020-25020
CVE-2020-25019jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.https://nvd.nist.gov/vuln/detail/CVE-2020-25019
CVE-2020-25016A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations.https://nvd.nist.gov/vuln/detail/CVE-2020-25016
CVE-2020-24972The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.https://nvd.nist.gov/vuln/detail/CVE-2020-24972
CVE-2020-24928managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information.https://nvd.nist.gov/vuln/detail/CVE-2020-24928
CVE-2020-24917osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.https://nvd.nist.gov/vuln/detail/CVE-2020-24917
CVE-2020-24898The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter).https://nvd.nist.gov/vuln/detail/CVE-2020-24898
CVE-2020-24897The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro.https://nvd.nist.gov/vuln/detail/CVE-2020-24897
CVE-2020-24786An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.https://nvd.nist.gov/vuln/detail/CVE-2020-24786
CVE-2020-24717OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.https://nvd.nist.gov/vuln/detail/CVE-2020-24717
CVE-2020-24716OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.https://nvd.nist.gov/vuln/detail/CVE-2020-24716
CVE-2020-24715The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName.https://nvd.nist.gov/vuln/detail/CVE-2020-24715
CVE-2020-24714The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.https://nvd.nist.gov/vuln/detail/CVE-2020-24714
CVE-2020-24706An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.https://nvd.nist.gov/vuln/detail/CVE-2020-24706
CVE-2020-24705An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.https://nvd.nist.gov/vuln/detail/CVE-2020-24705
CVE-2020-24704An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.https://nvd.nist.gov/vuln/detail/CVE-2020-24704
CVE-2020-24703An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.https://nvd.nist.gov/vuln/detail/CVE-2020-24703
CVE-2020-24699The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS.https://nvd.nist.gov/vuln/detail/CVE-2020-24699
CVE-2020-24661GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.https://nvd.nist.gov/vuln/detail/CVE-2020-24661
CVE-2020-24656Maltego before 4.2.12 allows XXE attacks.https://nvd.nist.gov/vuln/detail/CVE-2020-24656
CVE-2020-24653secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used.https://nvd.nist.gov/vuln/detail/CVE-2020-24653
CVE-2020-24618In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.https://nvd.nist.gov/vuln/detail/CVE-2020-24618
CVE-2020-24614Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.https://nvd.nist.gov/vuln/detail/CVE-2020-24614
CVE-2020-24606Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.https://nvd.nist.gov/vuln/detail/CVE-2020-24606
CVE-2020-24548Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports.https://nvd.nist.gov/vuln/detail/CVE-2020-24548
CVE-2020-24390eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.https://nvd.nist.gov/vuln/detail/CVE-2020-24390
CVE-2020-24363TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.https://nvd.nist.gov/vuln/detail/CVE-2020-24363
CVE-2020-24354Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection.https://nvd.nist.gov/vuln/detail/CVE-2020-24354
CVE-2020-24316WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.https://nvd.nist.gov/vuln/detail/CVE-2020-24316
CVE-2020-24315Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database.https://nvd.nist.gov/vuln/detail/CVE-2020-24315
CVE-2020-24314Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.https://nvd.nist.gov/vuln/detail/CVE-2020-24314
CVE-2020-24313Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.https://nvd.nist.gov/vuln/detail/CVE-2020-24313
CVE-2020-24240GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.https://nvd.nist.gov/vuln/detail/CVE-2020-24240
CVE-2020-24212**REJECTED**Kaldin 4.0 is affected by: Insecure Permissions. The impact is: gain privileges (remote). The attack vector is: The affected URLs should be opened.https://nvd.nist.gov/vuln/detail/CVE-2020-24212
CVE-2020-24203Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.https://nvd.nist.gov/vuln/detail/CVE-2020-24203
CVE-2020-24196An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution.https://nvd.nist.gov/vuln/detail/CVE-2020-24196
CVE-2020-24115In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access.https://nvd.nist.gov/vuln/detail/CVE-2020-24115
CVE-2020-24008Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.https://nvd.nist.gov/vuln/detail/CVE-2020-24008
CVE-2020-24007Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.https://nvd.nist.gov/vuln/detail/CVE-2020-24007
CVE-2020-23984Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags.https://nvd.nist.gov/vuln/detail/CVE-2020-23984
CVE-2020-23983Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags.https://nvd.nist.gov/vuln/detail/CVE-2020-23983
CVE-2020-23982DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php'https://nvd.nist.gov/vuln/detail/CVE-2020-23982
CVE-2020-23980DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page.https://nvd.nist.gov/vuln/detail/CVE-2020-23980
CVE-2020-23977KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter.https://nvd.nist.gov/vuln/detail/CVE-2020-23977
CVE-2020-23974Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed,Message(title-tag), Add new client (all-tags).https://nvd.nist.gov/vuln/detail/CVE-2020-23974
CVE-2020-23973KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter.https://nvd.nist.gov/vuln/detail/CVE-2020-23973
CVE-2020-23972In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.https://nvd.nist.gov/vuln/detail/CVE-2020-23972
CVE-2020-23938***REJECTED***Out of bounds read (CWE-125) in AnnLab V3 Lite 4.0.8.3 can cause a denial of service via crafted 0x82000028 IOCTL call.https://nvd.nist.gov/vuln/detail/CVE-2020-23938
CVE-2020-23658PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php.https://nvd.nist.gov/vuln/detail/CVE-2020-23658
CVE-2020-23576Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab.https://nvd.nist.gov/vuln/detail/CVE-2020-23576
CVE-2020-2075Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.https://nvd.nist.gov/vuln/detail/CVE-2020-2075
CVE-2020-20627The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.https://nvd.nist.gov/vuln/detail/CVE-2020-20627
CVE-2020-20626lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS.https://nvd.nist.gov/vuln/detail/CVE-2020-20626
CVE-2020-20625Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.https://nvd.nist.gov/vuln/detail/CVE-2020-20625
CVE-2020-19005zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.https://nvd.nist.gov/vuln/detail/CVE-2020-19005
CVE-2020-17465Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6.https://nvd.nist.gov/vuln/detail/CVE-2020-17465
CVE-2020-17404This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11191.https://nvd.nist.gov/vuln/detail/CVE-2020-17404
CVE-2020-17403This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11003.https://nvd.nist.gov/vuln/detail/CVE-2020-17403
CVE-2020-17390This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the hypervisor kernel extension. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10030.https://nvd.nist.gov/vuln/detail/CVE-2020-17390
CVE-2020-17376An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.https://nvd.nist.gov/vuln/detail/CVE-2020-17376
CVE-2020-16610Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.https://nvd.nist.gov/vuln/detail/CVE-2020-16610
CVE-2020-16250HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..https://nvd.nist.gov/vuln/detail/CVE-2020-16250
CVE-2020-16142On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.https://nvd.nist.gov/vuln/detail/CVE-2020-16142
CVE-2020-15777An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. It is vulnerable to, in the worst case, Remote Code Execution, and in the general case, local privilege escalation. Internally, the plugin uses a socket connection to send serialized Java objects that are deserialized by a Java standard library ObjectInputStream. This ObjectInputStream was not restricted to a list of trusted classes, thus allowing an attacker to send a malicious deserialization gadget chain to achieve code execution. The socket was not bound exclusively to localhost. The port this socket is assigned to is randomly selected by the JVM and is not intentionally exposed to the public (either by design or documentation).https://nvd.nist.gov/vuln/detail/CVE-2020-15777
CVE-2020-15704The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.https://nvd.nist.gov/vuln/detail/CVE-2020-15704
CVE-2020-15687Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/de-assign Hypercalls via crafted ioctls and payloads. This attack results in a corrupt state and Denial of Service (DoS) for previously assigned PCIe devices to the Service VM at runtime.https://nvd.nist.gov/vuln/detail/CVE-2020-15687
CVE-2020-15639This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10496.https://nvd.nist.gov/vuln/detail/CVE-2020-15639
CVE-2020-15605If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2020-15605
CVE-2020-15601If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2020-15601
CVE-2020-15498An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files.https://nvd.nist.gov/vuln/detail/CVE-2020-15498
CVE-2020-15486An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcasted while a measurement is being done. Also, saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity.https://nvd.nist.gov/vuln/detail/CVE-2020-15486
CVE-2020-15485An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering.https://nvd.nist.gov/vuln/detail/CVE-2020-15485
CVE-2020-15165Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory.https://nvd.nist.gov/vuln/detail/CVE-2020-15165
CVE-2020-15164in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code.https://nvd.nist.gov/vuln/detail/CVE-2020-15164
CVE-2020-15159baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file.The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7.https://nvd.nist.gov/vuln/detail/CVE-2020-15159
CVE-2020-15158In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.https://nvd.nist.gov/vuln/detail/CVE-2020-15158
CVE-2020-15156In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.https://nvd.nist.gov/vuln/detail/CVE-2020-15156
CVE-2020-15155baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.https://nvd.nist.gov/vuln/detail/CVE-2020-15155
CVE-2020-15154baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7.https://nvd.nist.gov/vuln/detail/CVE-2020-15154
CVE-2020-15020An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.https://nvd.nist.gov/vuln/detail/CVE-2020-15020
CVE-2020-14415oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.https://nvd.nist.gov/vuln/detail/CVE-2020-14415
CVE-2020-14367A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.https://nvd.nist.gov/vuln/detail/CVE-2020-14367
CVE-2020-14364An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.https://nvd.nist.gov/vuln/detail/CVE-2020-14364
CVE-2020-14352A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.https://nvd.nist.gov/vuln/detail/CVE-2020-14352
CVE-2020-14178Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0.https://nvd.nist.gov/vuln/detail/CVE-2020-14178
CVE-2020-13863The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information.https://nvd.nist.gov/vuln/detail/CVE-2020-13863
CVE-2020-13828Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.https://nvd.nist.gov/vuln/detail/CVE-2020-13828
CVE-2020-13821An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker.https://nvd.nist.gov/vuln/detail/CVE-2020-13821
CVE-2020-13767The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information,https://nvd.nist.gov/vuln/detail/CVE-2020-13767
CVE-2020-13655An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.https://nvd.nist.gov/vuln/detail/CVE-2020-13655
CVE-2020-13617The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.https://nvd.nist.gov/vuln/detail/CVE-2020-13617
CVE-2020-13595The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.https://nvd.nist.gov/vuln/detail/CVE-2020-13595
CVE-2020-13594The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.https://nvd.nist.gov/vuln/detail/CVE-2020-13594
CVE-2020-13593The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK).https://nvd.nist.gov/vuln/detail/CVE-2020-13593
CVE-2020-13472The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module.https://nvd.nist.gov/vuln/detail/CVE-2020-13472
CVE-2020-13471Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.https://nvd.nist.gov/vuln/detail/CVE-2020-13471
CVE-2020-13470Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data.https://nvd.nist.gov/vuln/detail/CVE-2020-13470
CVE-2020-13469The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU.https://nvd.nist.gov/vuln/detail/CVE-2020-13469
CVE-2020-13468Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection).https://nvd.nist.gov/vuln/detail/CVE-2020-13468
CVE-2020-13467The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling.https://nvd.nist.gov/vuln/detail/CVE-2020-13467
CVE-2020-13466STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.https://nvd.nist.gov/vuln/detail/CVE-2020-13466
CVE-2020-13465The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface.https://nvd.nist.gov/vuln/detail/CVE-2020-13465
CVE-2020-13464The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module.https://nvd.nist.gov/vuln/detail/CVE-2020-13464
CVE-2020-13463The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling.https://nvd.nist.gov/vuln/detail/CVE-2020-13463
CVE-2020-12855A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status.https://nvd.nist.gov/vuln/detail/CVE-2020-12855
CVE-2020-12829In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2020-12829
CVE-2020-12646OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.https://nvd.nist.gov/vuln/detail/CVE-2020-12646
CVE-2020-12645OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.https://nvd.nist.gov/vuln/detail/CVE-2020-12645
CVE-2020-12644OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.https://nvd.nist.gov/vuln/detail/CVE-2020-12644
CVE-2020-12643OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.https://nvd.nist.gov/vuln/detail/CVE-2020-12643
CVE-2020-12456A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client.https://nvd.nist.gov/vuln/detail/CVE-2020-12456
CVE-2020-11797An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files.https://nvd.nist.gov/vuln/detail/CVE-2020-11797
CVE-2020-11618THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.https://nvd.nist.gov/vuln/detail/CVE-2020-11618
CVE-2020-11617The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client.https://nvd.nist.gov/vuln/detail/CVE-2020-11617
CVE-2020-11497An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step.https://nvd.nist.gov/vuln/detail/CVE-2020-11497
CVE-2020-10518A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.https://nvd.nist.gov/vuln/detail/CVE-2020-10518
CVE-2020-10517An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program.https://nvd.nist.gov/vuln/detail/CVE-2020-10517