Security Bulletin 9 Sep 2020

Published on 09 Sep 2020

Updated on 09 Sep 2020

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance with their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2020-15164 In Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code. 10 https://nvd.nist.gov/vuln/detail/CVE-2020-15164
CVE-2020-9548 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9548
CVE-2020-9547 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9547
CVE-2020-9546 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9546
CVE-2020-7730 The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7730
CVE-2020-7727 All versions of package gedi are vulnerable to Prototype Pollution via the set function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7727
CVE-2020-7726 All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7726
CVE-2020-7725 All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7725
CVE-2020-7724 All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7724
CVE-2020-7723 All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7723
CVE-2020-7722 All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7722
CVE-2020-7721 All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7721
CVE-2020-7719 Versions of package locutus before 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parse_str function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7719
CVE-2020-7718 All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7718
CVE-2020-7717 All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7717
CVE-2020-7716 All versions of package deeps are vulnerable to Prototype Pollution via the set function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7716
CVE-2020-7715 All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7715
CVE-2020-7714 All versions of package confucious are vulnerable to Prototype Pollution via the set function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7714
CVE-2020-7713 All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7713
CVE-2020-7522 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7522
CVE-2020-7521 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7521
CVE-2020-7376 The Metasploit Framework module "post/osx/gather/enum_osx" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7376
CVE-2020-6144 A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6144
CVE-2020-6143 A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6143
CVE-2020-6142 A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6142
CVE-2020-6141 An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6141
CVE-2020-6140 SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6140
CVE-2020-6139 SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6139
CVE-2020-6138 SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6138
CVE-2020-6137 SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6137
CVE-2020-3446 A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-3446
CVE-2020-25069 USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25069
CVE-2020-25055 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 (August 2020). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25055
CVE-2020-25053 An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25053
CVE-2020-25052 An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25052
CVE-2020-25049 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25049
CVE-2020-25020 MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25020
CVE-2020-25006 Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25006
CVE-2020-25005 Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25005
CVE-2020-25004 Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25004
CVE-2020-24715 The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24715
CVE-2020-24714 The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24714
CVE-2020-24653 secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24653
CVE-2020-24203 Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24203
CVE-2020-24115 In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24115
CVE-2020-23973 KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-23973
CVE-2020-17446 asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17446
CVE-2020-16251 HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16251
CVE-2020-16250 HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16250
CVE-2020-16204 The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16204
CVE-2020-16170 Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16170
CVE-2020-16169 Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control via unspecified vectors. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16169
CVE-2020-15639 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10496. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15639
CVE-2020-14510 In GateManager versions prior to 9.2c, the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14510
CVE-2020-14508 In GateManager versions prior to 9.2c, the affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14508
CVE-2020-14500 In Secomea GateManager, all versions prior to 9.2c, an attacker can send a negative value and overwrite arbitrary data. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14500
CVE-2020-11984 Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11984
CVE-2020-11612 The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11612
CVE-2020-6294 Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-6294
CVE-2020-25016 A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25016
CVE-2020-16167 Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified vectors. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-16167
CVE-2020-15165 Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-15165
CVE-2020-16210 The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions). 9 https://nvd.nist.gov/vuln/detail/CVE-2020-16210
CVE-2020-16206 The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions). 9 https://nvd.nist.gov/vuln/detail/CVE-2020-16206

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2020-24897 The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro. 8.9 https://nvd.nist.gov/vuln/detail/CVE-2020-24897
CVE-2020-7831 A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow a victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user needs to reboot, however. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7831
CVE-2020-7526 Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7526
CVE-2020-6136 An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6136
CVE-2020-6135 An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6135
CVE-2020-6134 SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6134
CVE-2020-6133 SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6133
CVE-2020-6132 SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6132
CVE-2020-6131 SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6131
CVE-2020-6130 SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6130
CVE-2020-6129 SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6129
CVE-2020-6128 SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6128
CVE-2020-6127 SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6127
CVE-2020-6126 SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6126
CVE-2020-6125 An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6125
CVE-2020-6124 An exploitable SQL injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6124
CVE-2020-6123 An exploitable SQL injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6123
CVE-2020-6122 SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6122
CVE-2020-6121 SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6121
CVE-2020-6120 SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6120
CVE-2020-6119 SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6119
CVE-2020-6118 SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6118
CVE-2020-6117 SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6117
CVE-2020-5922 In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-5922
CVE-2020-3443 A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-3443
CVE-2020-3415 A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-3415
CVE-2020-25070 USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25070
CVE-2020-24972 The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24972
CVE-2020-24614 Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24614
CVE-2020-24354 Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24354
CVE-2020-2241 A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2241
CVE-2020-2240 A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2240
CVE-2020-17390 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the hypervisor kernel extension. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10030. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17390
CVE-2020-16142 On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16142
CVE-2020-15824 In JetBrains Kotlin from 1.4-M1 to 1.4-RC (Kotlin 1.3.7x is not affected by the issue; the fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15824
CVE-2020-15049 An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\\ "-" or an uncommon shell whitespace character prefix to the length field-value. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15049
CVE-2020-14043 ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross-Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14043
CVE-2020-12691 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12691
CVE-2020-12690 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12690
CVE-2020-12689 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12689
CVE-2020-10518 A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10518
CVE-2020-3517 A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-3517
CVE-2020-3398 A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-3398
CVE-2020-3397 A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-3397
CVE-2020-8022 An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1. 8.4 https://nvd.nist.gov/vuln/detail/CVE-2020-8022
CVE-2020-13379 The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2020-13379
CVE-2020-8244 A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and <2.2.1. If attacker-supplied user input (even typed) ends up in the consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-8244
CVE-2020-7705 This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-7705
CVE-2020-24616 FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24616
CVE-2020-15605 If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-15605
CVE-2020-15601 If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-15601
CVE-2020-14352 A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. 8 https://nvd.nist.gov/vuln/detail/CVE-2020-14352
CVE-2020-15863 hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. 7.9 https://nvd.nist.gov/vuln/detail/CVE-2020-15863
CVE-2020-8097 An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8097
CVE-2020-7527 Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7527
CVE-2020-7523 Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7523
CVE-2020-3394 A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-3394
CVE-2020-25031 checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25031
CVE-2020-24717 OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24717
CVE-2020-24716 OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24716
CVE-2020-24567 ** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24567
CVE-2020-17360 ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17360
CVE-2020-15862 Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15862
CVE-2020-15861 Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15861
CVE-2020-15777 An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. It is vulnerable to, in the worst case, Remote Code Execution, and in the general case, local privilege escalation. Internally, the plugin uses a socket connection to send serialized Java objects that are deserialized by a Java standard library ObjectInputStream. This ObjectInputStream was not restricted to a list of trusted classes, thus allowing an attacker to send a malicious deserialization gadget chain to achieve code execution. The socket was not bound exclusively to localhost. The port this socket is assigned to is randomly selected by the JVM and is not intentionally exposed to the public (either by design or documentation). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15777
CVE-2020-14364 An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14364
CVE-2020-14356 A NULL pointer dereference flaw was found in the Linux kernel cgroupv2 subsystem in versions before 5.7.10, in the way the system is rebooted. A local user could use this flaw to crash the system or escalate their privileges on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14356
CVE-2020-15159 baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7. 7.6 https://nvd.nist.gov/vuln/detail/CVE-2020-15159
CVE-2020-7666 This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7666
CVE-2020-7665 This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7665
CVE-2020-7525 Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7525
CVE-2020-7238 Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7238
CVE-2020-5926 In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5926
CVE-2020-5921 In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, a SYN flood causes a large number of MCPD context messages destined to secondary blades, consuming memory and leading to MCPD failure. This issue affects only VIPRION hosts with two or more blades installed. Single-blade VIPRION hosts are not affected. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5921
CVE-2020-5919 In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel (TMM) to stop responding. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5919
CVE-2020-5918 In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5918
CVE-2020-5772 Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5772
CVE-2020-5771 Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5771
CVE-2020-5622 Shadankun Server Security Type (excluding normal blocking method types) Ver.1.5.3 and earlier allows remote attackers to cause a denial of service which may result in not being able to add newly detected attack source IP addresses as blocking targets for about 10 minutes via a specially crafted request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5622
CVE-2020-3566 A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3566
CVE-2020-3338 A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error handling when processing inbound PIM6 packets. An attacker could exploit this vulnerability by sending multiple crafted PIM6 packets to an affected device. A successful exploit could allow the attacker to cause the PIM6 application to leak system memory. Over time, this memory leak could cause the PIM6 application to stop processing legitimate PIM6 traffic, leading to a DoS condition on the affected device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3338
CVE-2020-25056 An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-2020-16169 (August 2020). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25056
CVE-2020-25051 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25051
CVE-2020-25050 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25050
CVE-2020-25032 An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25032
CVE-2020-25019 jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25019
CVE-2020-24606 Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24606
CVE-2020-2075 Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-2075
CVE-2020-20625 Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20625
CVE-2020-16845 Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-16845
CVE-2020-14040 The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14040
CVE-2020-13757 Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13757
CVE-2020-13410 An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13410
CVE-2020-12674 In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12674
CVE-2020-12673 In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12673
CVE-2020-12100 In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12100
CVE-2020-5913 In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts server-side connections and may result in a man-in-the-middle attack on the connections. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-5913
CVE-2020-7720 The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-7720
CVE-2020-15155 baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15155
CVE-2020-15154 baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15154
CVE-2020-14350 It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14350
CVE-2020-8602 A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-8602
CVE-2020-7712 This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-7712
CVE-2020-3454 A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. An attacker could exploit this vulnerability by modifying parameters within the Call Home configuration on an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying OS. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-3454
CVE-2020-24196 An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-24196
CVE-2020-14044 ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-14044
CVE-2020-7729 The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-7729
CVE-2020-24394 In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24394
CVE-2020-2245 Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2245
CVE-2020-14349 It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute an arbitrary SQL command in the context of the user used for replication. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-14349
CVE-2020-9839 A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-9839
CVE-2020-13162 A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-13162
CVE-2020-5916 In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-5916
CVE-2020-13468 Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection). 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13468
CVE-2020-13465 The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13465
CVE-2020-3505 A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3505
CVE-2020-3440 A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3440
CVE-2020-24898 The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24898
CVE-2020-24656 Maltego before 4.2.12 allows XXE attacks. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24656
CVE-2020-24618 In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24618
CVE-2020-2250 Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-2250
CVE-2020-2247 Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-2247
CVE-2020-2242 A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-2242
CVE-2020-16168 Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-16168
CVE-2020-15486 An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcast while a measurement is being done. Saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15486
CVE-2020-11879 An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11879
CVE-2020-15858 Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06; EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04; ELS61 up to and including SW RN 02.002 / ARN 01.000.04; ELS81 up to and including SW RN 05.002 / ARN 01.000.04; PLS62 up to and including SW RN 02.000 / ARN 01.000.04. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2020-15858
CVE-2020-8960 Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-8960
CVE-2020-5927 In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, the BIG-IP ASM Configuration utility is vulnerable to stored cross-site scripting (XSS). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-5927
CVE-2020-5623 NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-5623
CVE-2020-3466 Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-3466
CVE-2020-25093 Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php, within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25093
CVE-2020-25092 Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25092
CVE-2020-25091 Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25091
CVE-2020-25090 Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25090
CVE-2020-25089 Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25089
CVE-2020-25088 Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25088
CVE-2020-25087 Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25087
CVE-2020-25086 Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25086
CVE-2020-25033 The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25033
CVE-2020-24917 osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24917
CVE-2020-24706 An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24706
CVE-2020-24699 The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24699
CVE-2020-24553 Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24553
CVE-2020-24390 eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24390
CVE-2020-24314 Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24314
CVE-2020-24313 Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24313
CVE-2020-24223 Mara CMS 7.5 allows contact.php?theme= XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24223
CVE-2020-23982 DesignMasterEvents Conference management 1.0.0 has cross-site scripting via 'certificate.php'. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23982
CVE-2020-23977 KandNconcepts Club CMS 1.1 and 1.2 has cross-site scripting via the 'team.php, player.php, club.php' id parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23977
CVE-2020-23839 A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23839
CVE-2020-23835 A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23835
CVE-2020-23831 A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23831
CVE-2020-23814 Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) AppName and (2) AddressList parameters in the JobGroupController.java file. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23814
CVE-2020-2248 Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2248
CVE-2020-1927 In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1927
CVE-2020-17465 Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-17465
CVE-2020-13655 An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-13655
CVE-2020-11023 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11023
CVE-2020-14367 A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. 6 https://nvd.nist.gov/vuln/detail/CVE-2020-14367
CVE-2020-5917 In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-5917
CVE-2020-4175 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-4175
CVE-2020-24661 GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-24661
CVE-2020-15498 An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-15498
CVE-2020-19005 zrlog v2.1.0 has a vulnerability in its permission check. If an admin account is logged in, other unauthorized users can download the database backup file directly. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2020-19005
CVE-2020-25047 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a locked application. The Samsung IDs are SVE-2020-16746, SVE-2020-16764 (August 2020). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25047
CVE-2020-25046 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25046
CVE-2020-24241 In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24241
CVE-2020-24240 GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24240
CVE-2020-17361 ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h returns silently when a negative length is provided (instead of throwing an exception). This could result in data being lost during the copy, with varying consequences depending on the subsequent use of the destination buffer. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17361
CVE-2020-14347 A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14347
CVE-2020-5923 In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, the Self-IP port-lockdown can be bypassed via IPv6 link-local addresses. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-5923
CVE-2020-4165 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174401. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-4165
CVE-2020-23984 Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-23984
CVE-2020-23983 Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-23983
CVE-2020-23974 Create-Project Manager 1.07 has multiple persistent cross-site scripting and HTML injection issues via Online chat, Social feed, Message (title-tag), Add new client (all-tags). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-23974
CVE-2020-23576 Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-23576
CVE-2020-2246 Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-2246
CVE-2020-2244 Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-2244
CVE-2020-2243 Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-2243
CVE-2020-2238 Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-2238
CVE-2020-16193 osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-16193
CVE-2020-15020 An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-15020
CVE-2020-12692 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-12692
CVE-2020-5383 Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contain a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-5383
CVE-2020-3496 A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-3496
CVE-2020-3484 A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to view potentially sensitive information on the affected device. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-3484
CVE-2020-24928 managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-24928
CVE-2020-24370 ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-24370
CVE-2020-1934 In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-1934
CVE-2020-11985 IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-11985
CVE-2020-10967 In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10967
CVE-2020-10775 An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10775
CVE-2020-2934 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). 5 https://nvd.nist.gov/vuln/detail/CVE-2020-2934
CVE-2020-3490 A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to read files on the underlying operating system with root privileges. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected system. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2020-3490
CVE-2020-7309 Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7309
CVE-2020-3491 A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected device. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-3491
CVE-2020-25124 The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25124
CVE-2020-25123 The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25123
CVE-2020-25122 The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25122
CVE-2020-25121 The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25121
CVE-2020-25120 The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25120
CVE-2020-25119 The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25119
CVE-2020-25118 The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25118
CVE-2020-25117 The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25117
CVE-2020-25116 The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25116
CVE-2020-25115 The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25115
CVE-2020-2875 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-2875
CVE-2020-25048 An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020). 4.6 https://nvd.nist.gov/vuln/detail/CVE-2020-25048
CVE-2020-13472 The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2020-13472
CVE-2020-13470 Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2020-13470
CVE-2020-13469 The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2020-13469
CVE-2020-5920 In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-5920
CVE-2020-5621 Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allows remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-5621
CVE-2020-2251 Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-2251
CVE-2020-2239 Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-2239
CVE-2020-16610 Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces an authenticated admin user to visit a malicious web page, any account can be deleted without the admin user's intention. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-16610
CVE-2020-10517 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10517
CVE-2020-16092 In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. 3.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16092
CVE-2020-15103 In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15103
CVE-2020-4591 IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-4591
CVE-2020-3504 A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A successful exploit could allow the attacker to cause internal system processes to fail to terminate properly, which could result in a buildup of stuck processes and lead to slowness in accessing the UCS Manager CLI and web UI. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-3504
CVE-2020-2249 Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-2249
CVE-2020-14415 oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14415
CVE-2020-5928 In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times. 3.1 https://nvd.nist.gov/vuln/detail/CVE-2020-5928
CVE-2020-2933 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). 2.2 https://nvd.nist.gov/vuln/detail/CVE-2020-2933
CVE-2020-9235 Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1), Versions earlier than 10.1.0.231(C10E3R3P2), Versions earlier than 10.1.0.231(C185E3R5P1), Versions earlier than 10.1.0.231(C636E3R3P1); Versions earlier than 10.1.0.212(C432E10R3P4), Versions earlier than 10.1.0.213(C636E3R4P3), Versions earlier than 10.1.0.214(C10E5R4P3), Versions earlier than 10.1.0.214(C185E3R3P3); Versions earlier than 10.1.0.212(C00E210R5P1); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C01E160R2P11); Versions earlier than 10.1.0.160(C00E160R2P11); Versions earlier than 10.1.0.160(C00E160R8P12); Versions earlier than 10.1.0.230(C432E9R5P1), Versions earlier than 10.1.0.231(C10E3R3P2), Versions earlier than 10.1.0.231(C636E3R3P1); Versions earlier than 10.1.0.225(C431E3R1P2), Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error: a lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to an information leak. https://nvd.nist.gov/vuln/detail/CVE-2020-9235
CVE-2020-9199 B2368-22 V100R001C00; B2368-57 V100R001C00; B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. https://nvd.nist.gov/vuln/detail/CVE-2020-9199
CVE-2020-9083 HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E160R3P8) have a denial of service (DoS) vulnerability. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service. https://nvd.nist.gov/vuln/detail/CVE-2020-9083
CVE-2020-8576 Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2020-8576
CVE-2020-8341 In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. https://nvd.nist.gov/vuln/detail/CVE-2020-8341
CVE-2020-8335 The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access. https://nvd.nist.gov/vuln/detail/CVE-2020-8335
CVE-2020-7830 RAONWIZ v2018.0.2.50 and earlier versions contain a vulnerability that could allow remote files to be downloaded due to lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier. https://nvd.nist.gov/vuln/detail/CVE-2020-7830
CVE-2020-7382 Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40. https://nvd.nist.gov/vuln/detail/CVE-2020-7382
CVE-2020-7381 In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name. https://nvd.nist.gov/vuln/detail/CVE-2020-7381
CVE-2020-7299 Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access another user’s passwords on the same machine via triggering a process dump in specific situations. https://nvd.nist.gov/vuln/detail/CVE-2020-7299
CVE-2020-7119 A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 HW-Based Appliance Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user. https://nvd.nist.gov/vuln/detail/CVE-2020-7119
CVE-2020-6874 A ZTE product is impacted by a cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration or brute-force password guessing attacks. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04. https://nvd.nist.gov/vuln/detail/CVE-2020-6874
CVE-2020-6873 A ZTE product has a DoS vulnerability. Because the equipment cannot distinguish attack packets from normal packets with valid HTTP links, remote attackers could use this vulnerability to cause a denial of service of the equipment's WEB/TELNET module and leave the equipment unmanageable. This affects: ZXR10 2800-4_ALMPUFB(LOW), all versions up to V3.00.40. https://nvd.nist.gov/vuln/detail/CVE-2020-6873
CVE-2020-6279 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. https://nvd.nist.gov/vuln/detail/CVE-2020-6279
CVE-2020-6152 A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can trigger this vulnerability by providing a victim with a malicious DICOM file. https://nvd.nist.gov/vuln/detail/CVE-2020-6152
CVE-2020-6151 A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2020-6151
CVE-2020-5779 A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates to invalid parameter handling when calling strcpy_s() with an invalid parameter (i.e., a long src string parameter) as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe terminates as a result. https://nvd.nist.gov/vuln/detail/CVE-2020-5779
CVE-2020-5778 A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to terminate ttmd.exe. https://nvd.nist.gov/vuln/detail/CVE-2020-5778
CVE-2020-5777 MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the MySQL setting max_connections (default 151) is lower than the Apache (or another web server) setting MaxRequestWorkers (formerly MaxClients) (default 256). This can be done by sending at least 151 simultaneous requests to the Magento website to trigger a "Too many connections" error, then using default magmi:magmi basic authentication to remotely bypass authentication. https://nvd.nist.gov/vuln/detail/CVE-2020-5777
CVE-2020-5776 Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI. https://nvd.nist.gov/vuln/detail/CVE-2020-5776
CVE-2020-5420 Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters. https://nvd.nist.gov/vuln/detail/CVE-2020-5420
CVE-2020-5418 Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none). https://nvd.nist.gov/vuln/detail/CVE-2020-5418
CVE-2020-5386 Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system. https://nvd.nist.gov/vuln/detail/CVE-2020-5386
CVE-2020-5379 Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). https://nvd.nist.gov/vuln/detail/CVE-2020-5379
CVE-2020-5378 Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). https://nvd.nist.gov/vuln/detail/CVE-2020-5378
CVE-2020-5376 Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). https://nvd.nist.gov/vuln/detail/CVE-2020-5376
CVE-2020-5369 Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files. https://nvd.nist.gov/vuln/detail/CVE-2020-5369
CVE-2020-4702 IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187. https://nvd.nist.gov/vuln/detail/CVE-2020-4702
CVE-2020-4693 IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782. https://nvd.nist.gov/vuln/detail/CVE-2020-4693
CVE-2020-4638 IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508. https://nvd.nist.gov/vuln/detail/CVE-2020-4638
CVE-2020-4632 IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416. https://nvd.nist.gov/vuln/detail/CVE-2020-4632
CVE-2020-4546 IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314. https://nvd.nist.gov/vuln/detail/CVE-2020-4546
CVE-2020-4545 IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190. https://nvd.nist.gov/vuln/detail/CVE-2020-4545
CVE-2020-4522 IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397. https://nvd.nist.gov/vuln/detail/CVE-2020-4522
CVE-2020-4445 IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122. https://nvd.nist.gov/vuln/detail/CVE-2020-4445
CVE-2020-4337 IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933. https://nvd.nist.gov/vuln/detail/CVE-2020-4337
CVE-2020-3547 A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface. https://nvd.nist.gov/vuln/detail/CVE-2020-3547
CVE-2020-3546 A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface of an affected device. A successful exploit could allow the attacker to obtain the IP addresses that are configured on the internal interfaces of the affected device. There is a workaround that addresses this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2020-3546
CVE-2020-3545 A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2020-3545
CVE-2020-3542 A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could exploit this vulnerability by sending an API request to the application, which would return a URL that includes a meeting join page that is prepopulated with the meeting username and password. A successful exploit could allow the attacker to join the password-protected meeting. The attacker would be visible in the attendee list of the meeting. https://nvd.nist.gov/vuln/detail/CVE-2020-3542
CVE-2020-3541 A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. https://nvd.nist.gov/vuln/detail/CVE-2020-3541
CVE-2020-3537 A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. A successful exploit could allow the attacker to cause the application to access a remote system, possibly allowing the attacker to gain access to sensitive information that the attacker could use in additional attacks. https://nvd.nist.gov/vuln/detail/CVE-2020-3537
CVE-2020-3530 A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-3530
CVE-2020-3498 A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks. https://nvd.nist.gov/vuln/detail/CVE-2020-3498
CVE-2020-3495 A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-3495
CVE-2020-3478 A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system. https://nvd.nist.gov/vuln/detail/CVE-2020-3478
CVE-2020-3473 A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks. https://nvd.nist.gov/vuln/detail/CVE-2020-3473
CVE-2020-3453 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. https://nvd.nist.gov/vuln/detail/CVE-2020-3453
CVE-2020-3451 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. https://nvd.nist.gov/vuln/detail/CVE-2020-3451
CVE-2020-3430 A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software. https://nvd.nist.gov/vuln/detail/CVE-2020-3430
CVE-2020-3365 A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device. https://nvd.nist.gov/vuln/detail/CVE-2020-3365
CVE-2020-25125 GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) have an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version. https://nvd.nist.gov/vuln/detail/CVE-2020-25125
CVE-2020-25105 eramba c2.8.1 and Enterprise before e2.19.3 have a weak password recovery token (createHash has only a million possibilities). https://nvd.nist.gov/vuln/detail/CVE-2020-25105
CVE-2020-25104 eramba c2.8.1 and Enterprise before e2.19.3 allow XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension. https://nvd.nist.gov/vuln/detail/CVE-2020-25104
CVE-2020-25102 silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-25102
CVE-2020-25079 An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. https://nvd.nist.gov/vuln/detail/CVE-2020-25079
CVE-2020-25078 An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. https://nvd.nist.gov/vuln/detail/CVE-2020-25078
CVE-2020-25073 FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled. https://nvd.nist.gov/vuln/detail/CVE-2020-25073
CVE-2020-25068 Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI. https://nvd.nist.gov/vuln/detail/CVE-2020-25068
CVE-2020-25045 Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system. https://nvd.nist.gov/vuln/detail/CVE-2020-25045
CVE-2020-25044 Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system. https://nvd.nist.gov/vuln/detail/CVE-2020-25044
CVE-2020-25043 The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system. https://nvd.nist.gov/vuln/detail/CVE-2020-25043
CVE-2020-25042 An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php. https://nvd.nist.gov/vuln/detail/CVE-2020-25042
CVE-2020-25026 The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control. https://nvd.nist.gov/vuln/detail/CVE-2020-25026
CVE-2020-25025 The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). https://nvd.nist.gov/vuln/detail/CVE-2020-25025
CVE-2020-25023 An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access. https://nvd.nist.gov/vuln/detail/CVE-2020-25023
CVE-2020-25022 An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access. https://nvd.nist.gov/vuln/detail/CVE-2020-25022
CVE-2020-25021 An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access. https://nvd.nist.gov/vuln/detail/CVE-2020-25021
CVE-2020-24999 There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. https://nvd.nist.gov/vuln/detail/CVE-2020-24999
CVE-2020-24996 There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. https://nvd.nist.gov/vuln/detail/CVE-2020-24996
CVE-2020-24987 Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius". https://nvd.nist.gov/vuln/detail/CVE-2020-24987
CVE-2020-24986 Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands. https://nvd.nist.gov/vuln/detail/CVE-2020-24986
CVE-2020-24981 An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS. https://nvd.nist.gov/vuln/detail/CVE-2020-24981
CVE-2020-24980 An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with a crafted input file containing the character '\' at the end while still in a character or a string. https://nvd.nist.gov/vuln/detail/CVE-2020-24980
CVE-2020-24979 A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker may execute bison with a crafted input file redefining the EOF token, which could trigger a heap buffer overflow and thus cause a system crash. https://nvd.nist.gov/vuln/detail/CVE-2020-24979
CVE-2020-24978 In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. https://nvd.nist.gov/vuln/detail/CVE-2020-24978
CVE-2020-24977 GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1). https://nvd.nist.gov/vuln/detail/CVE-2020-24977
CVE-2020-24963 An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4. https://nvd.nist.gov/vuln/detail/CVE-2020-24963
CVE-2020-24955 SUPERAntiSpyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as malware. https://nvd.nist.gov/vuln/detail/CVE-2020-24955
CVE-2020-24949 Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). https://nvd.nist.gov/vuln/detail/CVE-2020-24949
CVE-2020-24948 The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. https://nvd.nist.gov/vuln/detail/CVE-2020-24948
CVE-2020-24941 An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. https://nvd.nist.gov/vuln/detail/CVE-2020-24941
CVE-2020-24940 An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment. https://nvd.nist.gov/vuln/detail/CVE-2020-24940
CVE-2020-24876 Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2020-24876
CVE-2020-24863 A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode. https://nvd.nist.gov/vuln/detail/CVE-2020-24863
CVE-2020-24659 An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. https://nvd.nist.gov/vuln/detail/CVE-2020-24659
CVE-2020-24654 In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. https://nvd.nist.gov/vuln/detail/CVE-2020-24654
CVE-2020-24604 A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp. https://nvd.nist.gov/vuln/detail/CVE-2020-24604
CVE-2020-24602 Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute an arbitrary malicious URL via the vulnerable GET parameters "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page. https://nvd.nist.gov/vuln/detail/CVE-2020-24602
CVE-2020-24601 In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameters "searchName", "alias" in the import certificate trusted page. https://nvd.nist.gov/vuln/detail/CVE-2020-24601
CVE-2020-24584 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. https://nvd.nist.gov/vuln/detail/CVE-2020-24584
CVE-2020-24583 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. https://nvd.nist.gov/vuln/detail/CVE-2020-24583
CVE-2020-24385 In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find(). https://nvd.nist.gov/vuln/detail/CVE-2020-24385
CVE-2020-24355 Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing "FirstIndex" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion. https://nvd.nist.gov/vuln/detail/CVE-2020-24355
CVE-2020-24212 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. This candidate was erroneously published without a public reference containing the required information. https://nvd.nist.gov/vuln/detail/CVE-2020-24212
CVE-2020-24193 A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows an unauthenticated user to bypass authentication with SQL injection via the email parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-24193
CVE-2020-24162 The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. https://nvd.nist.gov/vuln/detail/CVE-2020-24162
CVE-2020-24161 Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. https://nvd.nist.gov/vuln/detail/CVE-2020-24161
CVE-2020-24160 Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. https://nvd.nist.gov/vuln/detail/CVE-2020-24160
CVE-2020-24159 NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0. https://nvd.nist.gov/vuln/detail/CVE-2020-24159
CVE-2020-24158 360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology. https://nvd.nist.gov/vuln/detail/CVE-2020-24158
CVE-2020-24030 ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. https://nvd.nist.gov/vuln/detail/CVE-2020-24030
CVE-2020-24029 Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. https://nvd.nist.gov/vuln/detail/CVE-2020-24029
CVE-2020-24028 ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. https://nvd.nist.gov/vuln/detail/CVE-2020-24028
CVE-2020-23972 In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files because of unrestricted file upload issues; the upload checks can be bypassed by changing the content-type and renaming the file to use double extensions. https://nvd.nist.gov/vuln/detail/CVE-2020-23972
CVE-2020-23938 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. This candidate was erroneously published without a public reference containing the required information. https://nvd.nist.gov/vuln/detail/CVE-2020-23938
CVE-2020-23836 A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site. https://nvd.nist.gov/vuln/detail/CVE-2020-23836
CVE-2020-23834 Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem. https://nvd.nist.gov/vuln/detail/CVE-2020-23834
CVE-2020-23830 A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site. https://nvd.nist.gov/vuln/detail/CVE-2020-23830
CVE-2020-23829 interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. https://nvd.nist.gov/vuln/detail/CVE-2020-23829
CVE-2020-23811 xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. https://nvd.nist.gov/vuln/detail/CVE-2020-23811
CVE-2020-1911 A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. https://nvd.nist.gov/vuln/detail/CVE-2020-1911
CVE-2020-1894 A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message. https://nvd.nist.gov/vuln/detail/CVE-2020-1894
CVE-2020-1891 A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices. https://nvd.nist.gov/vuln/detail/CVE-2020-1891
CVE-2020-1890 A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction. https://nvd.nist.gov/vuln/detail/CVE-2020-1890
CVE-2020-1889 A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process. https://nvd.nist.gov/vuln/detail/CVE-2020-1889
CVE-2020-1886 A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call. https://nvd.nist.gov/vuln/detail/CVE-2020-1886
CVE-2020-17458 A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field. https://nvd.nist.gov/vuln/detail/CVE-2020-17458
CVE-2020-16602 Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step. https://nvd.nist.gov/vuln/detail/CVE-2020-16602
CVE-2020-16208 The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions). https://nvd.nist.gov/vuln/detail/CVE-2020-16208
CVE-2020-16150 A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length. https://nvd.nist.gov/vuln/detail/CVE-2020-16150
CVE-2020-16149 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requestor. Notes: none. https://nvd.nist.gov/vuln/detail/CVE-2020-16149
CVE-2020-15811 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. https://nvd.nist.gov/vuln/detail/CVE-2020-15811
CVE-2020-15810 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream. https://nvd.nist.gov/vuln/detail/CVE-2020-15810
CVE-2020-15709 Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways. https://nvd.nist.gov/vuln/detail/CVE-2020-15709
CVE-2020-15167 In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1. https://nvd.nist.gov/vuln/detail/CVE-2020-15167
CVE-2020-15094 In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5. https://nvd.nist.gov/vuln/detail/CVE-2020-15094
CVE-2020-14373 A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2020-14373
CVE-2020-14209 Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism). https://nvd.nist.gov/vuln/detail/CVE-2020-14209
CVE-2020-14008 Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-14008
CVE-2020-13972 Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951. https://nvd.nist.gov/vuln/detail/CVE-2020-13972
CVE-2020-13946 In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. https://nvd.nist.gov/vuln/detail/CVE-2020-13946
CVE-2020-13802 Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. https://nvd.nist.gov/vuln/detail/CVE-2020-13802
CVE-2020-12829 In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2020-12829
CVE-2020-12621 The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component. https://nvd.nist.gov/vuln/detail/CVE-2020-12621
CVE-2020-12248 In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. https://nvd.nist.gov/vuln/detail/CVE-2020-12248
CVE-2020-12247 In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur. https://nvd.nist.gov/vuln/detail/CVE-2020-12247
CVE-2020-12058 Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php. https://nvd.nist.gov/vuln/detail/CVE-2020-12058
CVE-2020-11579 An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. https://nvd.nist.gov/vuln/detail/CVE-2020-11579
CVE-2020-11493 In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. https://nvd.nist.gov/vuln/detail/CVE-2020-11493
CVE-2020-10720 A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. https://nvd.nist.gov/vuln/detail/CVE-2020-10720