Security Bulletin 2 Dec 2020

Published on 02 Dec 2020

Updated on 02 Dec 2020

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabulated by severity, in accordance with their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2020-8271 Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8271
CVE-2020-7772 This affects the package doc-path before 2.1.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7772
CVE-2020-7472 An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. (This is exploitable even after installation is completed.). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7472
CVE-2020-4854 IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-4854
CVE-2020-3992 OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-3992
CVE-2020-29062 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29062
CVE-2020-29061 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29061
CVE-2020-29060 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29060
CVE-2020-29059 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29059
CVE-2020-29058 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29058
CVE-2020-29056 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29056
CVE-2020-29054 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use "show system infor" to discover cleartext TELNET credentials. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29054
CVE-2020-28994 A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28994
CVE-2020-28642 In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28642
CVE-2020-28578 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28578
CVE-2020-27422 In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27422
CVE-2020-27251 A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27251
CVE-2020-27131 Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27131
CVE-2020-27125 A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27125
CVE-2020-26510 Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26510
CVE-2020-26154 url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26154
CVE-2020-25952 SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25952
CVE-2020-25475 SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25475
CVE-2020-25159 499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25159
CVE-2020-24719 Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24719
CVE-2020-1938 When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed (a) returning arbitrary files from anywhere in the web application and (b) processing any file in the web application as a JSP. Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1938
CVE-2020-16846 An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16846
CVE-2020-11967 ** DISPUTED ** In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11967
CVE-2020-11966 ** DISPUTED ** In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11966
CVE-2020-11965 ** DISPUTED ** In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11965
CVE-2020-11963 ** DISPUTED ** IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11963
CVE-2020-11851 Arbitrary code execution vulnerability in the Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited, resulting in the execution of arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11851
CVE-2020-11193 Buffer over-read can happen while parsing an mkv clip due to improper typecasting of data returned from atomsize in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11193
CVE-2020-0452 In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0. Android ID: A-159625731. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-0452
CVE-2020-27130 A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-27130
CVE-2020-4627 IBM Cloud Pak for Security 1.3.0.1 (CP4S) is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 185367. 9 https://nvd.nist.gov/vuln/detail/CVE-2020-4627

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2020-9983 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9983
CVE-2020-9951 A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9951
CVE-2020-9948 A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9948
CVE-2020-8273 Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8273
CVE-2020-7572 A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, or server side request forgery, due to improper configuration of the XML parser. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7572
CVE-2020-7569 A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to upload arbitrary files, due to incorrect verification of user supplied files, and achieve remote code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7569
CVE-2020-29074 scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29074
CVE-2020-28922 An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28922
CVE-2020-28921 An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28921
CVE-2020-28693 An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28693
CVE-2020-28649 The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28649
CVE-2020-27386 An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27386
CVE-2020-26548 An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26548
CVE-2020-26124 openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26124
CVE-2020-26075 A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26075
CVE-2020-12351 Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12351
CVE-2020-26072 A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. 8.7 https://nvd.nist.gov/vuln/detail/CVE-2020-26072
CVE-2020-27385 Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\\..\\..\\..\\..\\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\\<file>). The files can then be edited via the FileEditor. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-27385
CVE-2020-16602 Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\\Razer Chroma\\SDK\\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-16602
CVE-2020-8750 Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8750
CVE-2020-7558 A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7558
CVE-2020-7557 A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7557
CVE-2020-7556 A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7556
CVE-2020-7555 A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7555
CVE-2020-7554 A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7554
CVE-2020-7553 A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7553
CVE-2020-7552 A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7552
CVE-2020-7551 A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7551
CVE-2020-7550 A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7550
CVE-2020-27216 In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2O, on Unix-like systems, the system's temporary directory is shared between all users on that system. A co-located user can observe the process of creating a temporary sub-directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27216
CVE-2020-27192 BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27192
CVE-2020-1319 A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1129. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1319
CVE-2020-12927 A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12927
CVE-2020-12335 Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12335
CVE-2020-12333 Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12333
CVE-2020-12331 Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12331
CVE-2020-12330 Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12330
CVE-2020-12329 Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12329
CVE-2020-12320 Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12320
CVE-2020-8277 A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8277
CVE-2020-8272 Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8272
CVE-2020-8037 The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8037
CVE-2020-8036 The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8036
CVE-2020-6019 Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6019
CVE-2020-4937 IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-4937
CVE-2020-29063 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g value. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-29063
CVE-2020-29057 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a "shawarma" attack. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-29057
CVE-2020-29043 An issue was discovered in BigBlueButton through 2.2.29. When an attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-29043
CVE-2020-28723 Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28723
CVE-2020-27623 JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27623
CVE-2020-27255 A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27255
CVE-2020-27253 A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27253
CVE-2020-27191 LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via a crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27191
CVE-2020-26552 An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26552
CVE-2020-26549 An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26549
CVE-2020-26509 Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26509
CVE-2020-26224 In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged in, by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26224
CVE-2020-26076 A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26076
CVE-2020-25640 A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain text JMS password at warning level on connection error, inserting sensitive information into the log file. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25640
CVE-2020-25400 Cross domain policies in the Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allow remote attackers to access sensitive data such as the access token. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25400
CVE-2020-25219 url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25219
CVE-2020-25155 The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25155
CVE-2020-25151 The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25151
CVE-2020-1847 There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of a specific protocol. A remote, unauthorized attacker can construct attack scenarios, which lead to denial of service. Affected product versions include: NIP6300 versions V500R001C30, V500R001C60; NIP6600 versions V500R001C30, V500R001C60; Secospace USG6300 versions V500R001C30, V500R001C60; Secospace USG6500 versions V500R001C30, V500R001C60; Secospace USG6600 versions V500R001C30, V500R001C60; USG9500 versions V500R001C30, V500R001C60. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1847
CVE-2020-15783 A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15783
CVE-2020-15246 October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15246
CVE-2020-14191 Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14191
CVE-2020-14190 Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14190
CVE-2020-12593 Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12593
CVE-2020-11968 ** DISPUTED ** In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11968
CVE-2020-11964 ** DISPUTED ** In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11964
CVE-2020-0198 In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-146428941. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-0198
CVE-2020-0181 In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-145075076. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-0181
CVE-2020-8279 Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-8279
CVE-2020-7778 This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-7778
CVE-2020-28692 In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function to execute PHP files. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-28692
CVE-2020-28581 A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-28581
CVE-2020-28580 A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-28580
CVE-2020-2492 If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-2492
CVE-2020-2490 If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-2490
CVE-2020-21665 In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-21665
CVE-2020-10963 FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-10963
CVE-2020-28209 A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could allow any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path to gain the privileges of the user who started the service. By default, the Enterprise Server and Enterprise Central are always installed at a location requiring Administrator privileges, so the vulnerability is only valid if the application has been installed in a non-secure location. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-28209
CVE-2020-8705 Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8705
CVE-2020-9127 Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject malicious code into some files of the affected products. Successful exploit may cause command injection. Affected product versions include: NIP6300 versions V500R001C30, V500R001C60; NIP6600 versions V500R001C30, V500R001C60; Secospace USG6300 versions V500R001C30, V500R001C60; Secospace USG6500 versions V500R001C30, V500R001C60; Secospace USG6600 versions V500R001C30, V500R001C60; USG9500 versions V500R001C30, V500R001C60. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-9127
CVE-2020-8692 Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8692
CVE-2020-8691 A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8691
CVE-2020-8690 Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8690
CVE-2020-8676 Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8676
CVE-2020-8354 A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8354
CVE-2020-8353 Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8353
CVE-2020-12323 Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-12323
CVE-2020-0599 Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-0599
CVE-2020-8766 Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8766
CVE-2020-7926 A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7926
CVE-2020-7573 A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow a remote attacker to access restricted web resources due to improper access control. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7573
CVE-2020-7032 An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7032
CVE-2020-3471 A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3471
CVE-2020-28242 An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28242
CVE-2020-27617 eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27617
CVE-2020-27403 A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. An unprivileged remote attacker on the adjacent network can download most system files, leading to serious critical information disclosure. Also, some TV models and/or FW versions may expose the webserver with the entire filesystem accessible on another port. For example, an nmap scan for all ports run directly from the TV model U43P6046 (Android 8.0) showed port 7983, not mentioned in the original CVE description, but containing the same directory listing of the entire filesystem. This webserver is bound (at least) to the localhost interface and accessible freely to all unprivileged installed apps on the Android system, such as a regular web browser. Any app can therefore read any files of any other apps, including Android system settings and sensitive data such as saved passwords, private keys, etc. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27403
CVE-2020-26223 Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and before versions 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. The perpetrator could query the API v2 Order Status endpoint with an empty string passed as an Order token. This is patched in versions 3.7.11, 4.0.4, or 4.1.11 depending on the Spree version in use. Users of Spree < 3.7 are not affected. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26223
CVE-2020-26078 A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26078
CVE-2020-26068 A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26068
CVE-2020-25473 SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25473
CVE-2020-25472 SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25472
CVE-2020-24977 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24977
CVE-2020-13351 Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9; >=13.4.0, <13.4.5; >=13.5.0, <13.5.2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13351
CVE-2020-12352 Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12352
CVE-2020-12926 The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access to the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2020-12926
CVE-2020-7780 This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2020-7780
CVE-2020-1945 Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2020-1945
CVE-2020-29133 jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-29133
CVE-2020-29053 HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-29053
CVE-2020-28947 In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-28947
CVE-2020-28927 There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-28927
CVE-2020-28350 A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-28350
CVE-2020-28129 Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-28129
CVE-2020-27126 A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-27126
CVE-2020-26554 REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-26554
CVE-2020-26225 In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-26225
CVE-2020-26081 Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-26081
CVE-2020-25834 Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25834
CVE-2020-25474 SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25474
CVE-2020-22723 A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-22723
CVE-2020-22394 In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-22394
CVE-2020-15710 Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-15710
CVE-2020-13954 By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-13954
CVE-2020-11023 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11023
CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11022
CVE-2020-4783 IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-4783
CVE-2020-29055 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-29055
CVE-2020-28168 Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-28168
CVE-2020-13348 An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2020-13348
CVE-2020-8767 Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8767
CVE-2020-8696 Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8696
CVE-2020-8695 Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8695
CVE-2020-26164 In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26164
CVE-2020-17490 The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17490
CVE-2020-13358 A vulnerability in the internal Kubernetes agent API in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5; >=13.3, <13.3.9; >=13.5, <13.5.2. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13358
CVE-2020-0573 Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-0573
CVE-2020-0543 Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-0543
CVE-2020-7571 A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-7571
CVE-2020-7570 A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-7570
CVE-2020-7033 A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing include all 9.x versions before 9.1.10. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-7033
CVE-2020-4718 IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-4718
CVE-2020-29003 The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-29003
CVE-2020-28650 The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-28650
CVE-2020-28647 In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-28647
CVE-2020-26701 Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-26701
CVE-2020-25798 A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute is being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-25798
CVE-2020-25454 Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-25454
CVE-2020-15249 October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since SVG files support being parsed as HTML by browsers, this means that they could theoretically upload JavaScript that would be executed on a path under the website's domain (i.e. /storage/app/media/evil.svg), but they would have to convince their target to visit that location directly in the target's browser as the backend does not display SVGs inline anywhere; SVGs are only displayed as image resources in the backend and are thus unable to be executed. The issue has been patched in Build 469 (v1.0.469) & v1.1.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-15249
CVE-2020-13773 Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-13773
CVE-2020-7962 An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-7962
CVE-2020-7779 All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-7779
CVE-2020-4771 IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10 and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-4771
CVE-2020-4625 IBM Cloud Pak for Security 1.3.0.1 (CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-4625
CVE-2020-4624 IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation, which could allow an attacker to decrypt sensitive information. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-4624
CVE-2020-3441 A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-3441
CVE-2020-28954 web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-28954
CVE-2020-28247 The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-28247
CVE-2020-25625 hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-25625
CVE-2020-17494 Untangle Firewall NG before 16.0 uses MD5 for passwords. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-17494
CVE-2020-13352 Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from a private to a public group. Affected versions are: >=10.2, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-13352
CVE-2020-25085 QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. 5 https://nvd.nist.gov/vuln/detail/CVE-2020-25085
CVE-2020-26079 A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2020-26079
CVE-2020-29070 osCommerce 2.3.4.1 has an XSS vulnerability via an authenticated user entering the XSS payload into the title section of newsletters. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29070
CVE-2020-29002 includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-29002
CVE-2020-24723 Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24723
CVE-2020-10776 A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10776
CVE-2020-8761 Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2020-8761
CVE-2020-25746 QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2020-25746
CVE-2020-8677 Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable denial of service via local access. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2020-8677
CVE-2020-6157 Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-6157
CVE-2020-4696 IBM Cloud Pak for Security 1.3.0.1 (CP4S) does not invalidate the session after logout, which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-4696
CVE-2020-4626 IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-4626
CVE-2020-29130 slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-29130
CVE-2020-29129 ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-29129
CVE-2020-27663 In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-27663
CVE-2020-27662 In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-27662
CVE-2020-26077 A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-26077
CVE-2020-13354 A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-13354
CVE-2020-13350 CSRF in the runner administration page in all versions of GitLab CE/EE allows an attacker who is able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2; >=13.4.0, <13.4.5; <13.3.9. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-13350
CVE-2020-13349 An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path made the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-13349
CVE-2020-15248 October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users, where they can choose which role the new user has. This means that a user with "Publisher" access has the ability to escalate their access to "Developer" access. The issue has been patched in Build 470 (v1.0.470) & v1.1.1. 4.2 https://nvd.nist.gov/vuln/detail/CVE-2020-15248
CVE-2020-26080 A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system. 4.1 https://nvd.nist.gov/vuln/detail/CVE-2020-26080
CVE-2020-29042 An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2020-29042
CVE-2020-13353 When importing repos via URL, one-time-use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2. 3.2 https://nvd.nist.gov/vuln/detail/CVE-2020-13353
CVE-2020-8352 In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. 2.4 https://nvd.nist.gov/vuln/detail/CVE-2020-8352
CVE-2020-9117 HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts a malformed packet with a specific parameter and sends the packet to the affected products. Due to insufficient validation of the packet, this may be exploited to cause information leakage or arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2020-9117
CVE-2020-9116 Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft a specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to allow the attacker to obtain higher privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-9116
CVE-2020-9115 ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands into the target device. https://nvd.nist.gov/vuln/detail/CVE-2020-9115
CVE-2020-9114 FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2020-9114
CVE-2020-8351 A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-8351
CVE-2020-6317 In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0. https://nvd.nist.gov/vuln/detail/CVE-2020-6317
CVE-2020-4900 IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991. https://nvd.nist.gov/vuln/detail/CVE-2020-4900
CVE-2020-4788 IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. https://nvd.nist.gov/vuln/detail/CVE-2020-4788
CVE-2020-4129 HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later. https://nvd.nist.gov/vuln/detail/CVE-2020-4129
CVE-2020-4127 HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user's system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later. https://nvd.nist.gov/vuln/detail/CVE-2020-4127
CVE-2020-4126 HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later. https://nvd.nist.gov/vuln/detail/CVE-2020-4126
CVE-2020-29441 An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files. https://nvd.nist.gov/vuln/detail/CVE-2020-29441
CVE-2020-29440 Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob. https://nvd.nist.gov/vuln/detail/CVE-2020-29440
CVE-2020-29439 Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.) https://nvd.nist.gov/vuln/detail/CVE-2020-29439
CVE-2020-29438 Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip. https://nvd.nist.gov/vuln/detail/CVE-2020-29438
CVE-2020-29395 The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. https://nvd.nist.gov/vuln/detail/CVE-2020-29395
CVE-2020-29394 A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon 2.8.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in a format argument). https://nvd.nist.gov/vuln/detail/CVE-2020-29394
CVE-2020-29392 The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by the user. https://nvd.nist.gov/vuln/detail/CVE-2020-29392
CVE-2020-29390 Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. https://nvd.nist.gov/vuln/detail/CVE-2020-29390
CVE-2020-29384 An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow. https://nvd.nist.gov/vuln/detail/CVE-2020-29384
CVE-2020-29383 An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images. https://nvd.nist.gov/vuln/detail/CVE-2020-29383
CVE-2020-29382 An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images. https://nvd.nist.gov/vuln/detail/CVE-2020-29382
CVE-2020-29381 An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename. https://nvd.nist.gov/vuln/detail/CVE-2020-29381
CVE-2020-29380 An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance. https://nvd.nist.gov/vuln/detail/CVE-2020-29380
CVE-2020-29379 An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access. https://nvd.nist.gov/vuln/detail/CVE-2020-29379
CVE-2020-29378 An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password !j@l#y$z%x6x7q8c9z) for the enable command. https://nvd.nist.gov/vuln/detail/CVE-2020-29378
CVE-2020-29377 An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the remote attacker. If it matches, access is provided. https://nvd.nist.gov/vuln/detail/CVE-2020-29377
CVE-2020-29376 An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service. https://nvd.nist.gov/vuln/detail/CVE-2020-29376
CVE-2020-29375 An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user. https://nvd.nist.gov/vuln/detail/CVE-2020-29375
CVE-2020-29374 An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. https://nvd.nist.gov/vuln/detail/CVE-2020-29374
CVE-2020-29373 An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. https://nvd.nist.gov/vuln/detail/CVE-2020-29373
CVE-2020-29372 An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. https://nvd.nist.gov/vuln/detail/CVE-2020-29372
CVE-2020-29371 An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. https://nvd.nist.gov/vuln/detail/CVE-2020-29371
CVE-2020-29370 An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. https://nvd.nist.gov/vuln/detail/CVE-2020-29370
CVE-2020-29369 An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. https://nvd.nist.gov/vuln/detail/CVE-2020-29369
CVE-2020-29368 An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. https://nvd.nist.gov/vuln/detail/CVE-2020-29368
CVE-2020-29367 blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data. https://nvd.nist.gov/vuln/detail/CVE-2020-29367
CVE-2020-29364 In NetArt News Lister 1.0.0, the news headlines are vulnerable to stored XSS attacks. Attackers can inject code into news titles. https://nvd.nist.gov/vuln/detail/CVE-2020-29364
CVE-2020-29145 In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web-based module in BSCS iX that is vulnerable to stored XSS via the name or description field of a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the BeEF framework. https://nvd.nist.gov/vuln/detail/CVE-2020-29145
CVE-2020-29144 In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web-based module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the BeEF framework. https://nvd.nist.gov/vuln/detail/CVE-2020-29144
CVE-2020-29138 Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running. https://nvd.nist.gov/vuln/detail/CVE-2020-29138
CVE-2020-29137 cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). https://nvd.nist.gov/vuln/detail/CVE-2020-29137
CVE-2020-29136 In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). https://nvd.nist.gov/vuln/detail/CVE-2020-29136
CVE-2020-29135 cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). https://nvd.nist.gov/vuln/detail/CVE-2020-29135
CVE-2020-29128 petl before 1.68, in some configurations, allows resolution of entities in an XML document. https://nvd.nist.gov/vuln/detail/CVE-2020-29128
CVE-2020-29127 An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en is visited from a different web browser. https://nvd.nist.gov/vuln/detail/CVE-2020-29127
CVE-2020-29072 A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js. https://nvd.nist.gov/vuln/detail/CVE-2020-29072
CVE-2020-29071 An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user. https://nvd.nist.gov/vuln/detail/CVE-2020-29071
CVE-2020-29069 _get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation database, because the code tries to uppercase a return value even if that value is not a string. https://nvd.nist.gov/vuln/detail/CVE-2020-29069
CVE-2020-29065 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none. https://nvd.nist.gov/vuln/detail/CVE-2020-29065
CVE-2020-28984 prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. https://nvd.nist.gov/vuln/detail/CVE-2020-28984
CVE-2020-28978 The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/tree.php?subdomain=SSRF. https://nvd.nist.gov/vuln/detail/CVE-2020-28978
CVE-2020-28977 The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/get.php?subdomain=SSRF. https://nvd.nist.gov/vuln/detail/CVE-2020-28977
CVE-2020-28976 The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/detail.php?subdomain=SSRF. https://nvd.nist.gov/vuln/detail/CVE-2020-28976
CVE-2020-28975 ** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute. https://nvd.nist.gov/vuln/detail/CVE-2020-28975
CVE-2020-28974 A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. https://nvd.nist.gov/vuln/detail/CVE-2020-28974
CVE-2020-28949 Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. https://nvd.nist.gov/vuln/detail/CVE-2020-28949
CVE-2020-28948 Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. https://nvd.nist.gov/vuln/detail/CVE-2020-28948
CVE-2020-28941 An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. https://nvd.nist.gov/vuln/detail/CVE-2020-28941
CVE-2020-28928 In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). https://nvd.nist.gov/vuln/detail/CVE-2020-28928
CVE-2020-28926 ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. https://nvd.nist.gov/vuln/detail/CVE-2020-28926
CVE-2020-28896 Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle. https://nvd.nist.gov/vuln/detail/CVE-2020-28896
CVE-2020-28368 Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen. https://nvd.nist.gov/vuln/detail/CVE-2020-28368
CVE-2020-27985 Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup. https://nvd.nist.gov/vuln/detail/CVE-2020-27985
CVE-2020-27746 Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. https://nvd.nist.gov/vuln/detail/CVE-2020-27746
CVE-2020-27745 Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. https://nvd.nist.gov/vuln/detail/CVE-2020-27745
CVE-2020-27660 SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-27660
CVE-2020-27659 Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-27659
CVE-2020-27587 Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password. https://nvd.nist.gov/vuln/detail/CVE-2020-27587
CVE-2020-27586 Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text. https://nvd.nist.gov/vuln/detail/CVE-2020-27586
CVE-2020-27585 Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive antivirus settings via a brute-force attack on the settings password. https://nvd.nist.gov/vuln/detail/CVE-2020-27585
CVE-2020-27218 In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request. https://nvd.nist.gov/vuln/detail/CVE-2020-27218
CVE-2020-27207 Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read. https://nvd.nist.gov/vuln/detail/CVE-2020-27207
CVE-2020-26936 Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack. https://nvd.nist.gov/vuln/detail/CVE-2020-26936
CVE-2020-26245 npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitization to avoid prototype pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite(). https://nvd.nist.gov/vuln/detail/CVE-2020-26245
CVE-2020-26243 Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding a specifically formed message can leak memory if dynamic allocation is enabled, a oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside oneof to `FT_POINTER`. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards. https://nvd.nist.gov/vuln/detail/CVE-2020-26243
CVE-2020-26242 Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18. https://nvd.nist.gov/vuln/detail/CVE-2020-26242
CVE-2020-26241 Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17. https://nvd.nist.gov/vuln/detail/CVE-2020-26241
CVE-2020-26240 Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners; non-mining nodes are unaffected. This issue is fixed as of 1.9.24. https://nvd.nist.gov/vuln/detail/CVE-2020-26240
CVE-2020-26238 Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Only projects using the @Cron annotation to validate untrusted Cron expressions are affected. This issue was patched in version 9.1.3. https://nvd.nist.gov/vuln/detail/CVE-2020-26238
CVE-2020-26237 Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable. The pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector. If your website or application does not render user provided data it should be unaffected. Versions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release. https://nvd.nist.gov/vuln/detail/CVE-2020-26237
CVE-2020-26235 In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23. https://nvd.nist.gov/vuln/detail/CVE-2020-26235
CVE-2020-26217 XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. https://nvd.nist.gov/vuln/detail/CVE-2020-26217
CVE-2020-26212 GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. Steps to reproduce the behavior: 1. Create a new planning with 'eduardo.mozart' user (from 'IT' group that belongs to 'Super-admin') into its personal planning at 'Assistance' > 'Planning'. 2. Copy the CalDAV url and use a CalDAV client (e.g. Thunderbird) to sync the planning with the provided URL. 3. Enter the username and password of any valid user (e.g. 'camila' from 'Proativa' group). 4. 'Camila' has read-only access to 'eduardo.mozart' personal planning. The same behavior happens to any group. E.g. 'Camila' has access to 'IT' group planning, even if she doesn't belong to this group and has a 'Self-service' profile permission. This issue is fixed in version 9.5.3. As a workaround, one can remove the `caldav.php` file to block access to CalDAV server. https://nvd.nist.gov/vuln/detail/CVE-2020-26212
CVE-2020-25738 CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. https://nvd.nist.gov/vuln/detail/CVE-2020-25738
CVE-2020-25708 A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2020-25708
CVE-2020-25703 The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10. https://nvd.nist.gov/vuln/detail/CVE-2020-25703
CVE-2020-25702 In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10. https://nvd.nist.gov/vuln/detail/CVE-2020-25702
CVE-2020-25701 If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. https://nvd.nist.gov/vuln/detail/CVE-2020-25701
CVE-2020-25700 In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10. https://nvd.nist.gov/vuln/detail/CVE-2020-25700
CVE-2020-25699 In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. https://nvd.nist.gov/vuln/detail/CVE-2020-25699
CVE-2020-25698 Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. https://nvd.nist.gov/vuln/detail/CVE-2020-25698
CVE-2020-25654 An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. https://nvd.nist.gov/vuln/detail/CVE-2020-25654
CVE-2020-25653 A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. https://nvd.nist.gov/vuln/detail/CVE-2020-25653
CVE-2020-25652 A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior. https://nvd.nist.gov/vuln/detail/CVE-2020-25652
CVE-2020-25651 A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. https://nvd.nist.gov/vuln/detail/CVE-2020-25651
CVE-2020-25650 A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions. https://nvd.nist.gov/vuln/detail/CVE-2020-25650
CVE-2020-25624 hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. https://nvd.nist.gov/vuln/detail/CVE-2020-25624
CVE-2020-25537 A file upload vulnerability exists in UCMS 1.5.0; an attacker can exploit it to obtain server management permission. https://nvd.nist.gov/vuln/detail/CVE-2020-25537
CVE-2020-25014 A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet. https://nvd.nist.gov/vuln/detail/CVE-2020-25014
CVE-2020-20739 im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. https://nvd.nist.gov/vuln/detail/CVE-2020-20739
CVE-2020-17901 Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. https://nvd.nist.gov/vuln/detail/CVE-2020-17901
CVE-2020-16850 Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2. https://nvd.nist.gov/vuln/detail/CVE-2020-16850
CVE-2020-16849 An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information. https://nvd.nist.gov/vuln/detail/CVE-2020-16849
CVE-2020-15257 containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the "host" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. https://nvd.nist.gov/vuln/detail/CVE-2020-15257
CVE-2020-14193 Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15. https://nvd.nist.gov/vuln/detail/CVE-2020-14193
CVE-2020-13886 Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal. https://nvd.nist.gov/vuln/detail/CVE-2020-13886
CVE-2020-13620 Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration. https://nvd.nist.gov/vuln/detail/CVE-2020-13620
CVE-2020-12262 Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. https://nvd.nist.gov/vuln/detail/CVE-2020-12262
CVE-2020-11867 Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. https://nvd.nist.gov/vuln/detail/CVE-2020-11867
CVE-2020-10772 An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound. https://nvd.nist.gov/vuln/detail/CVE-2020-10772
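The two Archive_Tar entries above (CVE-2020-28948 and CVE-2020-28949) describe the same class of mistake: a block list that is case-sensitive and aimed at one wrapper, when PHP stream wrappers are case-insensitive and many of them (file://, data:, and so on) are dangerous as archive entry names. The following is an added example, not Archive_Tar's own code: weak_is_safe() models only what the two entries state (a literal 'phar:' block), and the hardened rules, the helper names and the sample entry names are this example's assumptions.

```python
"""Entry-name sanitization for archive extraction: a weak, case-sensitive
check of the kind described for Archive_Tar versus a hardened one.

Added example, not Archive_Tar's own code. weak_is_safe() models only what the
two bulletin entries state; the hardened rules and the sample entry names are
this example's assumptions."""
import re

# Any URL-style scheme prefix ("phar:", "PHAR://", "file://", "data:", "C:"),
# matched case-insensitively. PHP stream wrappers are case-insensitive, so a
# case-sensitive block list is the wrong tool for the job.
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")


def weak_is_safe(name: str) -> bool:
    """Weak check: a literal, case-sensitive block on 'phar:'. 'PHAR://' and
    'file://' both pass, which is the bypass the two entries describe."""
    return not name.startswith("phar:")


def hardened_is_safe(name: str) -> bool:
    """Hardened check: no scheme prefix of any case, no NUL bytes, no absolute
    paths, no '..' path components."""
    if "\0" in name:
        return False
    if _SCHEME_RE.match(name):
        return False
    if name.startswith(("/", "\\")):
        return False
    if ".." in re.split(r"[\\/]+", name):
        return False
    return True


def partition_entries(names, is_safe=hardened_is_safe):
    """Split archive entry names into (accepted, rejected) under a given check."""
    accepted, rejected = [], []
    for n in names:
        (accepted if is_safe(n) else rejected).append(n)
    return accepted, rejected


# Constructed entry names, not taken from any real archive.
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "phar://evil.phar/x.php",     # blocked by both checks
    "PHAR://evil.phar/x.php",     # CVE-2020-28948 pattern: case bypass
    "file:///etc/cron.d/job",     # CVE-2020-28949 pattern: another wrapper
    "../../var/www/shell.php",    # classic traversal
]

if __name__ == "__main__":
    for check in (weak_is_safe, hardened_is_safe):
        ok, bad = partition_entries(SAMPLE_ENTRIES, check)
        print(f"{check.__name__}: accepted={ok} rejected={bad}")
```

Running the block shows the weak check accepting everything except the lower-case phar:// entry, while the hardened check accepts only docs/readme.txt. The design point is to reject the whole shape (anything that looks like a scheme) rather than enumerate wrappers you happen to know about.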
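The CVE-2020-26241 entry spells out an aliasing bug step by step: the dataCopy precompile returned a shallow copy of its input, so a later overwrite of the same memory region changed what RETURNDATACOPY observed. The following is an added example, a toy model of that sequence and not Geth code; the memory layout, the 32-byte sizes and the X/Y byte patterns are this example's assumptions.

```python
"""Shallow-copy aliasing in a precompile return buffer, modelled on the
Geth dataCopy (0x04) behaviour described in CVE-2020-26241.

Added example, not Geth code: a toy EVM with just MSTORE, CALL to 0x04 and
RETURNDATACOPY. Sizes and byte patterns are this example's assumptions."""


def shallow_data_copy(region: memoryview) -> memoryview:
    """Buggy identity precompile: hands back a view that aliases caller memory."""
    return region


def deep_data_copy(region: memoryview) -> bytes:
    """Consensus-compliant identity precompile: returns an independent copy."""
    return bytes(region)


class ToyEVM:
    """Just enough EVM to run the attacker's sequence from the entry."""

    def __init__(self, data_copy, memory_size: int = 64):
        self.memory = bytearray(memory_size)
        self.returndata = b""
        self.data_copy = data_copy

    def mstore(self, offset: int, value: bytes) -> None:
        self.memory[offset:offset + len(value)] = value

    def call_data_copy(self, offset: int, size: int) -> None:
        # CALL 0x00..04 with memory[offset:offset+size] as the input region R.
        self.returndata = self.data_copy(memoryview(self.memory)[offset:offset + size])

    def returndatacopy(self, dest: int, size: int) -> bytes:
        # Copy the return buffer into memory and report what was copied.
        self.memory[dest:dest + size] = bytes(self.returndata[:size])
        return bytes(self.memory[dest:dest + size])


X = b"\x11" * 32
Y = b"\x22" * 32


def attacker_contract(evm: ToyEVM) -> bytes:
    """Write X to R, call 0x04 with R, overwrite R with Y, then RETURNDATACOPY.
    A compliant node yields X; the aliasing implementation yields Y."""
    evm.mstore(0, X)
    evm.call_data_copy(0, 32)
    evm.mstore(0, Y)
    return evm.returndatacopy(32, 32)


def nodes_agree() -> bool:
    """Two nodes differing only in their precompile diverge on the same
    transaction: the chain-split condition the entry describes."""
    return attacker_contract(ToyEVM(shallow_data_copy)) == attacker_contract(ToyEVM(deep_data_copy))


if __name__ == "__main__":
    print("compliant :", attacker_contract(ToyEVM(deep_data_copy)).hex())
    print("aliasing  :", attacker_contract(ToyEVM(shallow_data_copy)).hex())
    print("consensus :", nodes_agree())
```

The memoryview returned by shallow_data_copy() is the Python analogue of a Go slice sharing the caller's backing array: nothing is wrong at the moment of the call, the divergence appears only once the caller writes to the region again. Any interface that keeps a buffer alive across caller-controlled writes needs to copy at the boundary.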
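The CVE-2020-15257 entry gives a precise exposure condition: a container in the same network namespace as containerd-shim (typically the host's), running with effective UID 0, can reach the shim's abstract Unix socket. Abstract sockets are listed in /proc/net/unix with a leading '@', so the condition can be checked from inside a suspect container. The following is an added example, not containerd code: the /proc/net/unix excerpt is constructed, and the '/containerd-shim/' fragment used to flag shim sockets is an assumption about the shim's socket naming, so treat a match as a prompt to investigate rather than proof.

```python
"""List abstract Unix sockets visible from the current network namespace, the
exposure condition behind CVE-2020-15257 (containerd-shim API reachable from
host-network containers running as UID 0).

Added example, not containerd code. The /proc/net/unix sample is constructed
and the '/containerd-shim/' marker is an assumption about socket naming."""

# Constructed /proc/net/unix excerpt. Abstract sockets are shown with a leading
# '@' (the kernel renders the NUL first byte as '@'); trailing '@' is NUL padding.
SAMPLE_PROC_NET_UNIX = """Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 14019 /run/systemd/journal/stdout
0000000000000000: 00000002 00000000 00010000 0001 01 24816 @/containerd-shim/moby/5f1e0c9a2b7d4e3f/shim.sock@
0000000000000000: 00000002 00000000 00010000 0001 01 24900 @/tmp/.X11-unix/X0
0000000000000000: 00000003 00000000 00000000 0001 03 25011
"""

# Mitigation line from the containerd advisory, as quoted in the bulletin entry.
APPARMOR_DENY_ABSTRACT = "deny unix addr=@**,"


def abstract_sockets(proc_net_unix: str) -> list:
    """Return the names of abstract-namespace sockets, without the '@' marker."""
    names = []
    for line in proc_net_unix.splitlines()[1:]:      # skip the header row
        parts = line.split(None, 7)                  # Path is the 8th field, if present
        if len(parts) < 8 or not parts[7].startswith("@"):
            continue
        names.append(parts[7][1:].rstrip("@"))
    return names


def shim_sockets(proc_net_unix: str, marker: str = "/containerd-shim/") -> list:
    """Abstract sockets whose name contains the (assumed) shim marker."""
    return [n for n in abstract_sockets(proc_net_unix) if marker in n]


def exposure_report(proc_net_unix: str, euid: int) -> dict:
    """Combine the two conditions from the entry: a shim socket in our network
    namespace and an effective UID of 0. Either alone is not the vulnerable
    configuration the advisory describes."""
    shims = shim_sockets(proc_net_unix)
    return {
        "shim_sockets": shims,
        "euid_is_root": euid == 0,
        "vulnerable_configuration": bool(shims) and euid == 0,
        "mitigation": APPARMOR_DENY_ABSTRACT if shims else None,
    }


if __name__ == "__main__":
    import os
    try:
        with open("/proc/net/unix") as fh:
            live = fh.read()
    except OSError:
        live = SAMPLE_PROC_NET_UNIX            # fall back to the constructed sample
    print(exposure_report(live, getattr(os, "geteuid", lambda: -1)()))
```

Run inside a container, the script reads the live /proc/net/unix; if shim sockets appear and the process is UID 0, the container is in the configuration the advisory warns about, and the printed AppArmor line is the stop-gap until containerd is upgraded and the affected containers are restarted. Note that the entry's point stands regardless of this check: sharing the host network namespace with root inside the container is the exposure, whichever runtime is in use.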