Vulnerability Summary for the Week of September 21, 2020

Released
Sep 28, 2020
Document ID
SB20-272

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
aveva -- edna_enterprise_data_historianAn SQL injection vulnerability exists in the Alias.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Parameter AliasName in Alias.asmx is vulnerable to unauthenticated SQL injection attacks. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.2020-09-247.5CVE-2020-13508
MISC
aveva -- edna_enterprise_data_historianParameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.2020-09-247.5CVE-2020-13505
MISC
aveva -- edna_enterprise_data_historianParameter AttFilterName in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.2020-09-247.5CVE-2020-13503
MISC
aveva -- edna_enterprise_data_historianAn SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.2020-09-247.5CVE-2020-13501
MISC
aveva -- edna_enterprise_data_historianSQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.2020-09-247.5CVE-2020-13500
MISC
aveva -- edna_enterprise_data_historianAn SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.2020-09-247.5CVE-2020-13499
MISC
aveva -- edna_enterprise_data_historianAn SQL injection vulnerability exists in the Alias.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Parameter OrigID in Alias.asmx is vulnerable to unauthenticated SQL injection attacks An attacker can send unauthenticated HTTP requests to trigger this vulnerability.2020-09-247.5CVE-2020-13507
MISC
gogogate -- ismartgate_pro_firmwareismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.2020-09-247.5CVE-2020-12838
MISC
MISC
gogogate -- ismartgate_pro_firmwareismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.2020-09-247.5CVE-2020-12843
MISC
MISC
gogogate -- ismartgate_pro_firmwareismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.2020-09-247.5CVE-2020-12842
MISC
MISC
gogogate -- ismartgate_pro_firmwareismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.2020-09-247.5CVE-2020-12839
MISC
MISC
google -- androidIn Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1436043312020-09-187.5CVE-2020-0354
MISC
google -- chromeUse after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-219.3CVE-2020-6551
MISC
MISC
FEDORA
google -- chromeUse after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-219.3CVE-2020-6549
MISC
MISC
FEDORA
google -- chromeUse after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-219.3CVE-2020-6550
MISC
MISC
FEDORA
google -- chromeHeap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.2020-09-219.3CVE-2020-6548
MISC
MISC
FEDORA
google -- chromeUse after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-219.3CVE-2020-6552
MISC
MISC
FEDORA
google -- chromeUse after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-219.3CVE-2020-6553
MISC
MISC
FEDORA
google -- chromeHeap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-219.3CVE-2020-6556
MISC
MISC
FEDORA
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979.2020-09-229CVE-2020-4620
XF
CONFIRM
ozeki -- ozeki_ng_sms_gatewayAn issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files).2020-09-229CVE-2020-14031
MISC
MISC
ozeki -- ozeki_ng_sms_gatewayAn issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges.2020-09-229CVE-2020-14028
MISC
MISC
ozeki -- ozeki_ng_sms_gatewayOzeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Starter" module) within the application.2020-09-229CVE-2020-14022
MISC
MISC
MISC
ozeki -- ozeki_ng_sms_gatewayCSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.2020-09-229.3CVE-2020-14026
MISC
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- media_encoderAdobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.2020-09-185.8CVE-2020-9745
MISC
adobe -- media_encoderAdobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.2020-09-185.8CVE-2020-9744
MISC
adobe -- media_encoderAdobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.2020-09-185.8CVE-2020-9739
MISC
buffalo -- airstation_whr-g54s_firmwareDirectory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.2020-09-184CVE-2020-5605
MISC
MISC
buffalo -- airstation_whr-g54s_firmwareCross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.2020-09-184.3CVE-2020-5606
MISC
MISC
corephp -- pago_commerceThe paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.2020-09-186.5CVE-2020-25751
MISC
MISC
cpanel -- cpanelcPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).2020-09-254.3CVE-2020-26115
MISC
cpanel -- cpanelcPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).2020-09-254.3CVE-2020-26114
MISC
gogogate -- ismartgate_pro_firmwareiSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.2020-09-244.3CVE-2020-12280
MISC
MISC
gogogate -- ismartgate_pro_firmwareismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.2020-09-245CVE-2020-12837
MISC
MISC
gogogate -- ismartgate_pro_firmwareiSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)2020-09-246.8CVE-2020-12282
MISC
MISC
gogogate -- ismartgate_pro_firmwareiSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.2020-09-244.3CVE-2020-12281
MISC
MISC
gogogate -- ismartgate_pro_firmwareismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php2020-09-244.3CVE-2020-12840
MISC
MISC
gogogate -- ismartgate_pro_firmwareismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php2020-09-244.3CVE-2020-12841
MISC
MISC
gogogate -- ismartgate_pro_firmwareismartgate PRO 1.5.9 is vulnerable to clickjacking.2020-09-244.3CVE-2020-13119
MISC
MISC
google -- androidIn iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1366580082020-09-184.6CVE-2020-0347
MISC
google -- androidIn NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1487362162020-09-185CVE-2020-0300
MISC
google -- androidIn NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1378687652020-09-186.8CVE-2020-0319
MISC
google -- androidIn NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1394240892020-09-184.6CVE-2020-0350
MISC
google -- androidIn the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1445070812020-09-184.4CVE-2020-0271
MISC
google -- androidIn NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1482946432020-09-184.4CVE-2020-0268
MISC
google -- androidIn NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1574751112020-09-184.6CVE-2020-0405
MISC
google -- androidIn Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1451301192020-09-184.6CVE-2020-0299
MISC
google -- androidIn NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1479959152020-09-184.6CVE-2020-0334
MISC
google -- androidIn NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1391885822020-09-184CVE-2020-0348
MISC
google -- androidIn Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1451292662020-09-184.6CVE-2020-0298
MISC
google -- androidIn NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1223615042020-09-184.6CVE-2020-0335
MISC
google -- androidIn WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1563530082020-09-184.6CVE-2020-0262
MISC
google -- androidIn the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1370156032020-09-184.6CVE-2020-0089
MISC
google -- androidIn the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-336461312020-09-184.9CVE-2020-0318
MISC
google -- androidIn the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1472273202020-09-184.6CVE-2020-0309
MISC
google -- chromeOut of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.2020-09-214.3CVE-2020-6555
MISC
MISC
FEDORA
google -- chromeInsufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.2020-09-214.3CVE-2020-6571
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chromeInformation leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.2020-09-214.3CVE-2020-6570
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chromeInsufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.2020-09-214.3CVE-2020-6562
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chromeInsufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.2020-09-214.3CVE-2020-6558
SUSE
SUSE
SUSE
MISC
MISC
google -- chromeInsufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.2020-09-216.8CVE-2020-15961
SUSE
SUSE
SUSE
MISC
MISC
google -- chromeInappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page.2020-09-214.3CVE-2020-6538
MISC
MISC
FEDORA
google -- chromeHeap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.2020-09-216.8CVE-2020-15960
SUSE
SUSE
SUSE
MISC
MISC
google -- chromeInsufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.2020-09-214.3CVE-2020-15966
SUSE
SUSE
SUSE
MISC
MISC
google -- chromeInsufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.2020-09-214.3CVE-2020-15959
SUSE
SUSE
SUSE
MISC
MISC
google -- chromeUse after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-216.8CVE-2020-6544
MISC
MISC
FEDORA
google -- chromeUse after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-216.8CVE-2020-6543
MISC
MISC
FEDORA
google -- chromeIncorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page.2020-09-214.3CVE-2020-6547
MISC
MISC
FEDORA
google -- chromeInsufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.2020-09-216.8CVE-2020-15963
SUSE
SUSE
SUSE
MISC
MISC
google -- chromeUse after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-216.8CVE-2020-6541
MISC
MISC
FEDORA
google -- chromeInsufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.2020-09-216.8CVE-2020-15962
SUSE
SUSE
SUSE
MISC
MISC
google -- chromeUse after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-216.8CVE-2020-6545
MISC
MISC
FEDORA
google -- chromeUse after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.2020-09-216.8CVE-2020-6554
MISC
MISC
FEDORA
google -- chromeUse after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.2020-09-216.8CVE-2020-6573
SUSE
SUSE
SUSE
MISC
MISC
google -- chromeUse after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-216.8CVE-2020-6542
MISC
MISC
FEDORA
google -- chromeInsufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-216.8CVE-2020-15964
SUSE
SUSE
SUSE
MISC
MISC
google -- chromeBuffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-216.8CVE-2020-6540
MISC
MISC
FEDORA
google -- chromeInappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem.2020-09-214.6CVE-2020-6546
MISC
MISC
FEDORA
google -- chromeUse after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-216.8CVE-2020-6539
MISC
MISC
FEDORA
google -- chromeType confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.2020-09-216.8CVE-2020-6537
MISC
MISC
FEDORA
google -- chromeUse after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-216.8CVE-2020-6532
MISC
MISC
FEDORA
google -- chromeType confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.2020-09-216.8CVE-2020-15965
SUSE
SUSE
SUSE
MISC
MISC
gradle -- enterpriseAn issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrestricted access to a high-level system-usage summary allows an attacker to obtain project names and usage metrics.2020-09-185CVE-2020-15775
MISC
CONFIRM
gradle -- enterpriseAn issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. CSRF mitigation can be bypassed because cross-site transmission of a cookie (containing a CSRF token) can occur.2020-09-185CVE-2020-15771
MISC
CONFIRM
gradle -- enterpriseAn issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path.2020-09-185CVE-2020-15768
MISC
CONFIRM
gradle -- enterpriseAn issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive failed login attempts. This allows a remote attacker to conduct brute-force guessing of a local user's password.2020-09-185CVE-2020-15770
MISC
CONFIRM
gradle -- enterpriseAn issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL.2020-09-184.3CVE-2020-15769
MISC
CONFIRM
gradle -- enterpriseAn issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Because of implicitly remembered user-login information, physically proximate attackers can use a user session after browser closure.2020-09-184.6CVE-2020-15774
MISC
CONFIRM
gradle -- enterpriseAn issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.2020-09-184CVE-2020-15773
MISC
CONFIRM
gradle -- enterpriseAn issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There is XXE with resultant SSRF via an uploaded SAML IDP configuration.2020-09-184CVE-2020-15772
MISC
CONFIRM
gradle -- enterpriseAn issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF mitigation can be bypassed because the anti-CSRF token is in a cleartext cookie.2020-09-186.8CVE-2020-15776
MISC
CONFIRM
gradle -- enterpriseAn issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the anti-CSRF cookie allows an attacker (with the ability to read HTTP traffic) to obtain a user's anti-CSRF token if the user initiates a cleartext HTTP request.2020-09-184.3CVE-2020-15767
MISC
CONFIRM
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983.2020-09-225CVE-2020-4622
XF
CONFIRM
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929.2020-09-225CVE-2020-4616
XF
CONFIRM
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 184930.2020-09-225.8CVE-2020-4617
XF
CONFIRM
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927.2020-09-225CVE-2020-4614
XF
CONFIRM
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925.2020-09-225CVE-2020-4613
XF
CONFIRM
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924.2020-09-224CVE-2020-4612
XF
CONFIRM
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937.2020-09-224CVE-2020-4618
XF
CONFIRM
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.2020-09-224CVE-2020-4619
XF
CONFIRM
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981.2020-09-226.5CVE-2020-4621
XF
CONFIRM
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.2020-09-226.5CVE-2020-4611
XF
CONFIRM
ibm -- datapower_gatewayIBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.2020-09-215CVE-2020-4580
XF
CONFIRM
ibm -- datapower_gatewayIBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438.2020-09-215CVE-2020-4579
XF
CONFIRM
ibm -- datapower_gatewayIBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.2020-09-215CVE-2020-4581
XF
CONFIRM
ibm -- websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.2020-09-215CVE-2020-4643
XF
CONFIRM
misp -- mispAn issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.2020-09-185CVE-2020-25766
MISC
MISC
nvidia -- geforce_nowNVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure.2020-09-185CVE-2020-5976
CONFIRM
nvidia -- geforce_nowNVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure.2020-09-185CVE-2020-5975
CONFIRM
ozeki -- ozeki_ng_sms_gatewayOzeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password.2020-09-226.8CVE-2020-14025
MISC
MISC
ozeki -- ozeki_ng_sms_gatewayAn issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges.2020-09-184CVE-2020-14021
MISC
MISC
MISC
ozeki -- ozeki_ng_sms_gatewayOzeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.2020-09-224CVE-2020-14023
MISC
MISC
ozeki -- ozeki_ng_sms_gatewayAn issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.2020-09-185CVE-2020-14029
MISC
MISC
ozeki -- ozeki_ng_sms_gatewayOzeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application.2020-09-224.3CVE-2020-14024
MISC
MISC
philips -- clinical_collaboration_platformPhilips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.2020-09-184.3CVE-2020-14506
MISC
philips -- clinical_collaboration_platformPhilips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.2020-09-185.8CVE-2020-16198
MISC
rust-lang -- rustAn issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.2020-09-195CVE-2020-25793
MISC
MISC
rust-lang -- rustAn issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().2020-09-195CVE-2020-25792
MISC
MISC
rust-lang -- rustAn issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().2020-09-195CVE-2020-25791
MISC
MISC
rust-lang -- rustAn issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic.2020-09-195CVE-2020-25795
MISC
MISC
rust-lang -- rustAn issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement.2020-09-195CVE-2020-25796
MISC
MISC
rust-lang -- rustAn issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.2020-09-195CVE-2020-25794
MISC
MISC
safervpn -- safervpnSaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed.2020-09-185.5CVE-2020-25744
MISC
MISC
uniqlo -- uniqloUNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.2020-09-184.3CVE-2020-5629
MISC
uniqlo -- uniqloUNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.2020-09-184.3CVE-2020-5628
MISC
webtareas_project -- webtareaswebTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.2020-09-184.3CVE-2020-25735
MISC
MISC
MISC
webtareas_project -- webtareaswebTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.2020-09-185CVE-2020-25733
MISC
MISC
MISC
webtareas_project -- webtareaswebTareas through 2.1 allows files/Default/ Directory Listing.2020-09-185CVE-2020-25734
MISC
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
google -- androidIn netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1373465802020-09-182.1CVE-2020-0365
MISC
google -- androidIn Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1556509692020-09-182.1CVE-2020-0295
MISC
google -- androidIn NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1445062242020-09-183.5CVE-2020-0282
MISC
google -- androidIn the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1549131302020-09-182.1CVE-2020-0263
MISC
google -- androidIn Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1501558392020-09-182.1CVE-2020-0265
MISC
google -- androidIn Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1516456262020-09-182.1CVE-2020-0269
MISC
google -- androidIn Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1562537842020-09-182.1CVE-2020-0284
MISC
google -- androidIn Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1562534792020-09-182.1CVE-2020-0285
MISC
google -- androidIn the wallpaper manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1549153722020-09-182.1CVE-2020-0294
MISC
google -- androidIn Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1516463752020-09-182.1CVE-2020-0302
MISC
google -- androidIn NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1378577782020-09-183.5CVE-2020-0281
MISC
google -- androidIn Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1516456952020-09-182.1CVE-2020-0304
MISC
google -- androidIn Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1516458672020-09-182.1CVE-2020-0307
MISC
google -- androidIn Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1533564682020-09-182.1CVE-2020-0310
MISC
google -- androidIn InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1538786422020-09-182.1CVE-2020-0311
MISC
google -- androidIn NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1549179892020-09-182.1CVE-2020-0313
MISC
google -- androidIn Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1556420262020-09-182.1CVE-2020-0315
MISC
google -- androidIn Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1549349192020-09-182.1CVE-2020-0316
MISC
google -- androidIn NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1450793092020-09-182.1CVE-2020-0325
MISC
google -- androidIn Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device's IMEI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1473093102020-09-182.1CVE-2020-0331
MISC
google -- androidIn NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1391887792020-09-182.1CVE-2020-0349
MISC
ibm -- data_risk_managerIBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928.2020-09-223.5CVE-2020-4615
XF
CONFIRM
ozeki -- ozeki_ng_sms_gatewayAn issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks.2020-09-223.5CVE-2020-14027
MISC
MISC
philips -- clinical_collaboration_platformPhilips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.2020-09-182.7CVE-2020-14525
MISC
philips -- clinical_collaboration_platformPhilips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.2020-09-183.3CVE-2020-16200
MISC
philips -- clinical_collaboration_platformPhilips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.2020-09-183.6CVE-2020-16247
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
acronis -- cyber_backup
 
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.2020-09-21not yet calculatedCVE-2020-16171
MISC
MISC
actfax_communication_software_gmbh -- actfax
 
ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full Control" to "Everyone". An authenticated local attacker can exploit this to replace the TSClientB.exe binary in the Terminal directory, which is executed on logon for every user. Alternatively, the attacker can replace any of the binaries in the Client or Install directories. The latter requires additional user interaction, for example starting the client.2020-09-24not yet calculatedCVE-2020-15843
MISC
advantech -- webaccess_node
 
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.2020-09-22not yet calculatedCVE-2020-16202
MISC
arista -- cloudvision_portal
 
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.2020-09-22not yet calculatedCVE-2020-24333
MISC
CONFIRM
aruba -- multiple_cx_switches
 
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000.2020-09-23not yet calculatedCVE-2020-7122
MISC
aruba -- multiple_cx_switches
 
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021.2020-09-23not yet calculatedCVE-2020-7121
MISC
atlassian -- jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from version 8.6.0 before 8.10.2; and from version 8.11.0 before 8.11.1.2020-09-21not yet calculatedCVE-2020-14177
N/A
atlassian -- jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.2020-09-21not yet calculatedCVE-2020-14179
MISC

atlassian -- jira_service_desk_server_and_data_center

Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0.2020-09-21not yet calculatedCVE-2020-14180
MISC
aveva -- edna_enterprise_data_historian

 

Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.2020-09-24not yet calculatedCVE-2020-13504
MISC
aveva -- edna_enterprise_data_historian
 
An exploitable SQL injection vulnerability exists in the DNAPoints.asmx web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. A specially crafted SOAP web request can cause an SQL injection resulting in data compromise. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.2020-09-24not yet calculatedCVE-2020-13502
MISC
aveva -- edna_enterprise_data_historian
 
Parameter psAttribute in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks.Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.2020-09-24not yet calculatedCVE-2020-13521
MISC
aveva -- edna_enterprise_data_historian
 
An exploitable SQL injection vulnerability exists in the FavoritesService.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. A specially crafted SOAP web request can cause an SQL injection resulting in data compromise. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.2020-09-24not yet calculatedCVE-2020-6153
MISC
bhyve -- bhyve
 
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.2020-09-25not yet calculatedCVE-2020-24718
MISC
CONFIRM
broadcom -- brocade_fabric_os
 
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.2020-09-25not yet calculatedCVE-2020-15370
MISC
broadcom -- brocade_fabric_os
 
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.2020-09-25not yet calculatedCVE-2020-15369
MISC
broadcom -- brocade_fabric_os
 
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.2020-09-25not yet calculatedCVE-2020-15371
MISC
broadcom -- brocade_fabric_os
 
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.2020-09-25not yet calculatedCVE-2020-15372
MISC
broadcom -- brocade_fabric_os
 
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.2020-09-25not yet calculatedCVE-2020-15373
MISC
broadcom -- brocade_fabric_os
 
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.2020-09-25not yet calculatedCVE-2020-15374
MISC
broadcom -- brocade_sannav
 
A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.2020-09-25not yet calculatedCVE-2019-16212
MISC
broadcom -- brocade_sannav
 
Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.2020-09-25not yet calculatedCVE-2019-16211
MISC
broadcom  -- brocade_fabric_osA vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.2020-09-25not yet calculatedCVE-2018-6448
MISC
broadcom  -- brocade_fabric_os
 
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers2020-09-25not yet calculatedCVE-2018-6449
MISC
broadcom  -- brocade_fabric_os
 
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.2020-09-25not yet calculatedCVE-2018-6447
MISC
cabot -- cabot
 
All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.2020-09-22not yet calculatedCVE-2020-7734
CONFIRM
CONFIRM
CONFIRM
CONFIRM
check_point -- ica_management_portal
 
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.2020-09-24not yet calculatedCVE-2020-6020
MISC
cisco -- 4461_integrated_services_routers
 
A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IPv4 or IPv6 traffic to or through an affected device. An attacker could exploit this vulnerability by sending IP traffic to or through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2020-09-24not yet calculatedCVE-2020-3414
CISCO

cisco -- 800_series_industrial_integrated_services_routers_and_1000_series_connected_grid_routers

A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition.2020-09-24not yet calculatedCVE-2020-3426
CISCO

cisco -- adaptive_security_appliance_and_firepower_threat_defense

A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.2020-09-23not yet calculatedCVE-2019-15992
CISCO
cisco -- aironet_access_point_software
 
A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.2020-09-24not yet calculatedCVE-2020-3560
CISCO
cisco -- aironet_access_point_software
 
A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.2020-09-24not yet calculatedCVE-2020-3559
CISCO
cisco -- aironet_access_points_software
 
A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.2020-09-24not yet calculatedCVE-2020-3552
CISCO
cisco -- anyconnect_secure_mobility_client
 
A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.2020-09-23not yet calculatedCVE-2019-16007
CISCO
cisco -- asr_1000_series_aggregation_services_routers
 
A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload.2020-09-24not yet calculatedCVE-2020-3508
CISCO
cisco -- asr_900_series_aggregation_services_routers
 
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.2020-09-24not yet calculatedCVE-2020-3513
CISCO
cisco -- asr_900_series_aggregation_services_routers
 
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.2020-09-24not yet calculatedCVE-2020-3416
CISCO
cisco -- asyncos_software
 
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass the configured content filters, which could allow malicious content to pass through the device.2020-09-23not yet calculatedCVE-2020-3133
CISCO
cisco -- asyncos_software
 
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to a user's browser.2020-09-23not yet calculatedCVE-2020-3117
CISCO
cisco -- catalyst_9200_series_switchesA vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery.2020-09-24not yet calculatedCVE-2020-3527
CISCO
cisco -- catalyst_9200_series_switches
 
A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device.2020-09-24not yet calculatedCVE-2020-3510
CISCO
cisco -- catalyst_9800_series_routers
 
A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the attacker to send ICMPv6 traffic prior to RUN state.2020-09-24not yet calculatedCVE-2020-3418
CISCO
cisco -- catalyst_9800_series_wireless_controllers
 
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.2020-09-24not yet calculatedCVE-2020-3488
CISCO
cisco -- catalyst_9800_series_wireless_controllers
 
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.2020-09-24not yet calculatedCVE-2020-3493
CISCO
cisco -- catalyst_9800_series_wireless_controllers
 
A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device. A successful exploit could cause a device to reload, resulting in a DoS condition.2020-09-24not yet calculatedCVE-2020-3359
CISCO
cisco -- catalyst_9800_series_wireless_controllers
 
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.2020-09-24not yet calculatedCVE-2020-3497
CISCO
cisco -- catalyst_9800_series_wireless_controllers
 
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient input validation during CAPWAP packet processing. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device, resulting in a buffer over-read. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.2020-09-24not yet calculatedCVE-2020-3399
CISCO
cisco -- catalyst_9800_series_wireless_controllers
 
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.2020-09-24not yet calculatedCVE-2020-3494
CISCO
cisco -- catalyst_9800_series_wireless_controllers
 
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.2020-09-24not yet calculatedCVE-2020-3487
CISCO
cisco -- catalyst_9800_series_wireless_controllers
 
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.2020-09-24not yet calculatedCVE-2020-3486
CISCO
cisco -- catalyst_9800_series_wireless_controllers
 
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.2020-09-24not yet calculatedCVE-2020-3489
CISCO
cisco -- catalyst_9800_series_wireless_controllers_and_and_wireless_LAN_controllers
 
A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of certain parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by spoofing the address of an existing Access Point on the network and sending a Control and Provisioning of Wireless Access Points (CAPWAP) packet that includes a crafted Flexible NetFlow Version 9 record to an affected device. A successful exploit could allow the attacker to cause a process crash that would lead to a reload of the device.2020-09-24not yet calculatedCVE-2020-3492
CISCO
cisco -- cbr-8_converged_broadband_routers
 
A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when DHCP version 4 (DHCPv4) messages are parsed. An attacker could exploit this vulnerability by sending a malicious DHCPv4 message to or through a WAN interface of an affected device. A successful exploit could allow the attacker to cause a reload of the affected device. Note: On Cisco cBR-8 Converged Broadband Routers, all of the following are considered WAN interfaces: 10 Gbps Ethernet interfaces 100 Gbps Ethernet interfaces Port channel interfaces that include multiple 10 and/or 100 Gbps Ethernet interfaces2020-09-24not yet calculatedCVE-2020-3509
CISCO
cisco -- cbr-8_converged_broadband_routers
 
A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a malformed COPS message to the device. A successful exploit could allow the attacker to crash the device.2020-09-24not yet calculatedCVE-2020-3526
CISCO
cisco -- email_security_appliance
 
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA.2020-09-23not yet calculatedCVE-2019-1947
CISCO
cisco -- email_security_appliance
 
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.2020-09-23not yet calculatedCVE-2020-3137
CISCO
cisco -- email_security_appliance_and_content_security_management_appliance
 
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation.2020-09-23not yet calculatedCVE-2019-1983
CISCO
cisco -- emergency_responder
 
A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into that request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information.2020-09-23not yet calculatedCVE-2019-16025
CISCO
cisco -- firepower_management_center
 
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.2020-09-23not yet calculatedCVE-2019-16028
CISCO
cisco -- hosted_collaboration_mediation_fulfillment
 
A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.2020-09-23not yet calculatedCVE-2020-3124
CISCO
cisco -- ios_and_ios_xe_software
 
A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition.2020-09-24not yet calculatedCVE-2020-3479
CISCO
cisco -- ios_and_ios_xe_software
 
A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.2020-09-23not yet calculatedCVE-2019-16009
CISCO
cisco -- ios_and_ios_xe_software
 
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2020-09-24not yet calculatedCVE-2020-3408
CISCO
cisco -- ios_and_ios_xe_software
 
A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device.2020-09-24not yet calculatedCVE-2020-3511
CISCO
cisco -- ios_and_ios_xe_software
 
A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of LLDP messages in the PROFINET LLDP message handler. An attacker could exploit this vulnerability by sending a malicious LLDP message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.2020-09-24not yet calculatedCVE-2020-3512
CISCO
cisco -- ios_and_ios_xe_software
 
A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device.2020-09-24not yet calculatedCVE-2020-3409
CISCO
cisco -- ios_and_ios_xe_software
 
A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.2020-09-24not yet calculatedCVE-2020-3477
CISCO
cisco -- ios_xe_softwareMultiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.2020-09-24not yet calculatedCVE-2020-3480
CISCO
cisco -- ios_xe_softwareMultiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.2020-09-24not yet calculatedCVE-2020-3474
CISCO
cisco -- ios_xe_softwareMultiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.2020-09-24not yet calculatedCVE-2020-3475
CISCO
cisco -- ios_xe_software
 
A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability.2020-09-24not yet calculatedCVE-2020-3393
CISCO
cisco -- ios_xe_software
 
A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators.2020-09-24not yet calculatedCVE-2020-3503
CISCO
cisco -- ios_xe_software
 
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted.2020-09-24not yet calculatedCVE-2020-3403
CISCO
cisco -- ios_xe_software
 
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacker to utilize parts of the web UI for which they are not authorized. This could allow a Read-Only user to perform actions of an Admin user.2020-09-24not yet calculatedCVE-2020-3400
CISCO
cisco -- ios_xe_software
 
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2020-09-24not yet calculatedCVE-2020-3141
CISCO
cisco -- ios_xe_software
 
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device.2020-09-24not yet calculatedCVE-2020-3423
CISCO
cisco -- ios_xe_software
 
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2020-09-24not yet calculatedCVE-2020-3425
CISCO
cisco -- ios_xe_software
 
A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges.2020-09-24not yet calculatedCVE-2020-3404
CISCO
cisco -- ios_xe_software
 
A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vulnerability by entering unexpected characters during a valid authentication. A successful exploit could allow the attacker to crash the web server on the device, which must be manually recovered by disabling and re-enabling the web server.2020-09-24not yet calculatedCVE-2020-3516
CISCO
cisco -- ios_xe_software
 
A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.2020-09-24not yet calculatedCVE-2020-3396
CISCO
cisco -- ios_xe_software
 
A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.2020-09-24not yet calculatedCVE-2020-3407
CISCO
cisco -- ios_xe_software
 
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device.2020-09-24not yet calculatedCVE-2020-3417
CISCO
cisco -- ios_xe_software
 
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.2020-09-24not yet calculatedCVE-2020-3465
CISCO
cisco -- ios_xe_software
 
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.2020-09-24not yet calculatedCVE-2020-3421
CISCO
cisco -- ios_xe_software
 
A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by another feature. An attacker could exploit this vulnerability by sending specific IP SLA control packets to the IP SLA responder on an affected device. The control packets must include the port number that could be used by another configured feature. A successful exploit could allow the attacker to cause an in-use port to be consumed by the IP SLA responder, impacting the feature that was using the port and resulting in a DoS condition.2020-09-24not yet calculatedCVE-2020-3422
CISCO
cisco -- ios_xe_software
 
A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.2020-09-24not yet calculatedCVE-2020-3476
CISCO
cisco -- ios_xe_wireless_controller_software
 
A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect packet processing during the WPA2 and WPA3 authentication handshake when configured for dot1x or pre-shared key (PSK) authentication key management (AKM) with 802.11r BSS Fast Transition (FT) enabled. An attacker could exploit this vulnerability by sending a crafted authentication packet to an affected device. A successful exploit could cause an affected device to reload, resulting in a DoS condition.2020-09-24not yet calculatedCVE-2020-3429
CISCO
cisco -- ios_xe_wireless_controller_software
 
A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation of the information used to generate an SNMP trap in relation to a wireless client connection. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, causing a DoS condition.2020-09-24not yet calculatedCVE-2020-3390
CISCO
cisco -- ios_xe_wireless_controller_software
 
A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition.2020-09-24not yet calculatedCVE-2020-3428
CISCO
cisco -- ios_xr_software
 
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.2020-09-23not yet calculatedCVE-2019-16023
CISCO
cisco -- ios_xr_software
 
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.2020-09-23not yet calculatedCVE-2019-16021
CISCO
cisco -- ios_xr_software
 
Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.2020-09-23not yet calculatedCVE-2020-3569
CISCO
cisco -- ios_xr_software
 
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.2020-09-23not yet calculatedCVE-2019-16019
CISCO
cisco -- managed_services_accelerator
 
A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.2020-09-23not yet calculatedCVE-2019-15974
CISCO
cisco -- multiple_products
 
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.2020-09-23not yet calculatedCVE-2020-3143
CISCO
cisco -- multiple_routers
 
A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An attacker could exploit this vulnerability by connecting to an affected device through the console, forcing the device into ROMMON mode, and writing a malicious pattern using that specific option on the device. A successful exploit could allow the attacker to break the chain of trust and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.2020-09-24not yet calculatedCVE-2020-3524
CISCO
cisco -- network_recording_player_and_webex_player
 
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.2020-09-23not yet calculatedCVE-2019-15287
CISCO
cisco -- network_recording_player_and_webex_player
 
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.2020-09-23not yet calculatedCVE-2019-15285
CISCO
cisco -- small_business_rv_series_routers
 
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user.2020-09-23not yet calculatedCVE-2019-15957
CISCO
cisco -- small_business_spa500_series_ip_phones
 
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.2020-09-23not yet calculatedCVE-2019-15959
CISCO
cisco -- small_business_switches
 
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.2020-09-23not yet calculatedCVE-2019-15993
CISCO

cisco -- telepresence_collaboration_endpoint_and_roomos_software

Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted traffic to the video service of an affected endpoint. A successful exploit could allow the attacker to cause the video service to crash, resulting in a DoS condition on an affected device.2020-09-23not yet calculatedCVE-2019-15289
CISCO
cisco -- ucs_c-series_rack_servers
 
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.2020-09-23not yet calculatedCVE-2019-1736
CISCO
cisco -- umbrella_roaming_client
 
A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications.2020-09-23not yet calculatedCVE-2019-16000
CISCO
cisco -- unified_communications_manager
 
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.2020-09-23not yet calculatedCVE-2019-15963
CISCO
cisco -- unified_comunications_manager
 
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.2020-09-23not yet calculatedCVE-2020-3135
CISCO
cisco -- unified_contact_center_express
 
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to an affected system. An attacker could exploit this vulnerability by uploading arbitrary files containing operating system commands that will be executed by an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web interface and then elevate their privileges to root.2020-09-23not yet calculatedCVE-2019-1888
CISCO
cisco -- unified_customer_voice_portal
 
A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The vulnerability is due to insufficient input validation on specific pages of the OAMP application. An attacker could exploit this vulnerability by authenticating to Cisco Unified CVP and sending crafted HTTP requests. A successful exploit could allow an attacker with administrator or read-only privileges to learn information outside of their expected scope. An attacker with administrator privileges could modify certain configuration details of resources outside of their defined scope, which could result in a denial of service (DoS) condition.2020-09-23not yet calculatedCVE-2019-16017
CISCO
cisco -- unity_connection
 
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system.2020-09-23not yet calculatedCVE-2020-3130
CISCO
cisco -- vision_dynamic_signage_director
 
A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.2020-09-23not yet calculatedCVE-2019-16004
CISCO
cisco -- web_security_appliance
 
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script or HTML code in the context of the interface, which could allow the attacker to gain access to sensitive, browser-based information.2020-09-23not yet calculatedCVE-2019-15969
CISCO
cisco -- webex
 
A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit would cause the application to quit unexpectedly.2020-09-23not yet calculatedCVE-2020-3116
CISCO

cisco -- webex_network_recording_player_and_webex_player

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.2020-09-23not yet calculatedCVE-2019-15283
CISCO
citrix -- multiple_products
 
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.2020-09-18not yet calculatedCVE-2020-8247
MISC
citrix -- multiple_products
 
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.2020-09-18not yet calculatedCVE-2020-8246
MISC
citrix -- multiple_products
 
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.2020-09-18not yet calculatedCVE-2020-8245
MISC
citrix -- storefront_server
 
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.2020-09-18not yet calculatedCVE-2020-8200
MISC
citrix -- xenmobile_server
 
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.2020-09-18not yet calculatedCVE-2020-8253
MISC
cpanel -- cpanelcPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).2020-09-25not yet calculatedCVE-2020-26106
MISC
cpanel -- cpanel
 
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).2020-09-25not yet calculatedCVE-2020-26100
MISC
cpanel -- cpanel
 
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).2020-09-25not yet calculatedCVE-2020-26101
MISC
cpanel -- cpanel
 
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).2020-09-25not yet calculatedCVE-2020-26113
MISC
cpanel -- cpanel
 
The email quota cache in cPanel before 90.0.10 allows overwriting of files.2020-09-25not yet calculatedCVE-2020-26112
MISC
cpanel -- cpanel
 
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).2020-09-25not yet calculatedCVE-2020-26111
MISC
cpanel -- cpanel
 
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).2020-09-25not yet calculatedCVE-2020-26110
MISC
cpanel -- cpanel
 
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).2020-09-25not yet calculatedCVE-2020-26109
MISC
cpanel -- cpanel
 
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).2020-09-25not yet calculatedCVE-2020-26107
MISC
cpanel -- cpanel
 
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).2020-09-25not yet calculatedCVE-2020-26098
MISC
cpanel -- cpanel
 
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).2020-09-25not yet calculatedCVE-2020-26105
MISC
cpanel -- cpanel
 
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).2020-09-25not yet calculatedCVE-2020-26108
MISC
cpanel -- cpanel
 
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).2020-09-25not yet calculatedCVE-2020-26104
MISC
cpanel -- cpanel
 
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).2020-09-25not yet calculatedCVE-2020-26103
MISC
cpanel -- cpanel
 
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).2020-09-25not yet calculatedCVE-2020-26099
MISC
cpanel -- cpanel
 
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).2020-09-25not yet calculatedCVE-2020-26102
MISC
d-link -- multiple_devices
 
** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.2020-09-19not yet calculatedCVE-2020-25786
MISC
MISC
f5 -- big-ip
 
In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods.2020-09-25not yet calculatedCVE-2020-5930
MISC
f5 -- big-ip
 
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.2020-09-25not yet calculatedCVE-2020-5929
MISC
fortiguard -- fortinac
 
An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.2020-09-24not yet calculatedCVE-2020-12816
CONFIRM
fortiguard -- fortitester
 
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.2020-09-24not yet calculatedCVE-2020-12815
CONFIRM
fortiguard  -- fortianalyzer
 
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.2020-09-24not yet calculatedCVE-2020-12817
CONFIRM
fortiguard  -- fortigate
 
An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.2020-09-24not yet calculatedCVE-2020-12818
CONFIRM
fortiguard  -- fortimanager_and_fortianalyzer
 
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.2020-09-24not yet calculatedCVE-2020-12811
CONFIRM
gemtek -- wrtm-127acn_and_wrtm-127x9_devices
 
An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)2020-09-24not yet calculatedCVE-2020-24365
MISC
general_electric -- digital_apm_classic
 
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.2020-09-23not yet calculatedCVE-2020-16240
MISC
general_electric -- digital_apm_classic
 
GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords.2020-09-23not yet calculatedCVE-2020-16244
MISC
general_electric -- reason_s20_ethernet_switch
 
The affected product is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.2020-09-25not yet calculatedCVE-2020-16242
MISC
getsimple -- getsimple_cms
 
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.2020-09-25not yet calculatedCVE-2020-23837
MISC
MISC
glpi -- glpi
 
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.2020-09-23not yet calculatedCVE-2020-11031
MISC
CONFIRM

gon_gem_for_ruby_on_rails -- gon_gem_for_ruby_on_rails

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.2020-09-23not yet calculatedCVE-2020-25739
CONFIRM
MLIST
google -- android
 
The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.2020-09-25not yet calculatedCVE-2020-25203
MISC
MISC
google -- chromeInsufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6567
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chrome
 
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6576
SUSE
SUSE
SUSE
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6566
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chrome
 
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6569
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chrome
 
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6563
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chrome
 
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6568
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chrome
 
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6575
SUSE
SUSE
SUSE
MISC
MISC
google -- chrome
 
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6561
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chrome
 
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.2020-09-21not yet calculatedCVE-2020-6574
SUSE
SUSE
SUSE
MISC
MISC
google -- chrome
 
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6565
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chrome
 
Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6560
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chrome
 
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6564
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
google -- chrome
 
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2020-09-21not yet calculatedCVE-2020-6559
SUSE
SUSE
SUSE
MISC
MISC
FEDORA
hak5 -- wifi_pineapple_mark_vii
 
A Directory Traversal issue was discovered on Hak5 WiFi Pineapple Mark VII 1.x before 1.0.1-beta.2020091914551 devices. An unauthenticated user can connect to the wireless management network, including the open wireless network, and access all files and subdirectories under /pineapple/ui, regardless of file permissions.2020-09-25not yet calculatedCVE-2020-25726
MISC
MISC
hewlett_packard -- pay_per_use_utility_computing_service
 
Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.2020-09-23not yet calculatedCVE-2020-24624
MISC
hewlett_packard -- pay_per_use_utility_computing_service
 
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.2020-09-23not yet calculatedCVE-2020-24625
MISC
hewlett_packard -- pay_per_use_utility_computing_service
 
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.2020-09-23not yet calculatedCVE-2020-24626
MISC
hewlett_packard -- universal_api_framework
 
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).2020-09-18not yet calculatedCVE-2020-24623
MISC
MISC
ibm -- aspera_web_application
 
IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.2020-09-21not yet calculatedCVE-2020-4731
XF
CONFIRM
ibm -- business_automation_content_analyzer
 
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234.2020-09-21not yet calculatedCVE-2020-4315
XF
CONFIRM
ibm -- business_automation_workflow_and_business_process_manager
 
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.2020-09-25not yet calculatedCVE-2020-4531
XF
CONFIRM
ibm -- infosphere_information_server
 
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.2020-09-25not yet calculatedCVE-2020-4727
XF
CONFIRM
ibm -- security_secret_server
 
IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180.2020-09-23not yet calculatedCVE-2020-4340
XF
CONFIRM
ibm -- security_secret_server
 
IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515.2020-09-23not yet calculatedCVE-2020-4324
XF
CONFIRM
ibm -- websphere_application_server
 
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.2020-09-21not yet calculatedCVE-2020-4590
XF
CONFIRM
ignitenet -- helios_glinq
 
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users.2020-09-23not yet calculatedCVE-2020-5781
MISC
ignitenet -- helios_glinq
 
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection.2020-09-23not yet calculatedCVE-2020-5782
MISC
ignitenet -- helios_glinq
 
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms.2020-09-23not yet calculatedCVE-2020-5783
MISC
jenkins -- jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.2020-09-23not yet calculatedCVE-2020-2280
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.2020-09-23not yet calculatedCVE-2020-2284
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.2020-09-23not yet calculatedCVE-2020-2283
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.2020-09-23not yet calculatedCVE-2020-2282
MLIST
CONFIRM
jenkins -- jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.2020-09-23not yet calculatedCVE-2020-2281
MLIST
CONFIRM
jenkins -- jenkins
 
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.2020-09-23not yet calculatedCVE-2020-2279
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.2020-09-23not yet calculatedCVE-2020-2285
MLIST
CONFIRM
jerryscript -- jerryscriptvm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.2020-09-24not yet calculatedCVE-2020-13991
CONFIRM
MISC
MISC
MISC
MISC
joomla -- joomla!
 
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.2020-09-24not yet calculatedCVE-2020-19447
MISC
joomla -- joomla!
 
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.2020-09-25not yet calculatedCVE-2020-19455
MISC
joomla -- joomla!
 
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.2020-09-25not yet calculatedCVE-2020-19450
MISC
joomla -- joomla!
 
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.2020-09-25not yet calculatedCVE-2020-19451
MISC
joplin -- joplin
 
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.2020-09-24not yet calculatedCVE-2020-15930
MISC
CONFIRM
json-bigint -- json-bigint
 
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.2020-09-18not yet calculatedCVE-2020-8237
MISC
lenovo -- desktops_and_thinkstation
 
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution2020-09-24not yet calculatedCVE-2020-8333
CONFIRM
lenovo -- enterprise_network_disk
 
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing.2020-09-24not yet calculatedCVE-2020-8347
CONFIRM
lenovo -- enterprise_network_disk
 
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing.2020-09-24not yet calculatedCVE-2020-8348
CONFIRM
libuv -- libuv
 
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.2020-09-18not yet calculatedCVE-2020-8252
MISC
MISC
liferay -- liferay_portal_and_liferay_dxp
 
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.2020-09-24not yet calculatedCVE-2020-15840
CONFIRM
MISC
CONFIRM
liferay -- liferay_portal_and_liferay_dxp
 
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.2020-09-22not yet calculatedCVE-2020-15839
MISC
MISC
MISC
CONFIRM
linux -- linux_kernel
 
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.2020-09-24not yet calculatedCVE-2020-26088
MISC
MISC
micro_focus -- operation_agent
 
Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system.2020-09-18not yet calculatedCVE-2020-11861
MISC
micro_focus -- operation_bridge_reporter
 
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user2020-09-22not yet calculatedCVE-2020-11857
MISC
MISC
micro_focus -- operation_bridge_reporter
 
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.2020-09-22not yet calculatedCVE-2020-11856
MISC
MISC
micro_focus -- operation_bridge_reporter
 
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.2020-09-22not yet calculatedCVE-2020-11855
MISC
MISC
mitel -- micloud_management_portal
 
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.2020-09-25not yet calculatedCVE-2020-24595
MISC
CONFIRM
mitel -- micloud_management_portal
 
Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.2020-09-25not yet calculatedCVE-2020-24593
MISC
CONFIRM
mitel -- micloud_management_portal
 
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.2020-09-25not yet calculatedCVE-2020-24592
MISC
CONFIRM
mitel -- micloud_management_portal
 
Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.2020-09-25not yet calculatedCVE-2020-24594
MISC
CONFIRM
mitel -- micontact_center_business
 
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.2020-09-25not yet calculatedCVE-2020-24692
MISC
CONFIRM
nakivo -- backup_and_replication_director
 
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.2020-09-24not yet calculatedCVE-2020-15850
MISC
nakivo -- backup_and_replication_transporter
 
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories.2020-09-24not yet calculatedCVE-2020-15851
MISC
nextcloud -- desktop_client
 
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.2020-09-18not yet calculatedCVE-2020-8225
MISC
MISC
ng-packagr -- ng-packagr
 
The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.2020-09-25not yet calculatedCVE-2020-7735
CONFIRM
CONFIRM
node.js -- node.js
 
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.2020-09-18not yet calculatedCVE-2020-8251
MISC
MISC
node.js -- node.js
 
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.2020-09-18not yet calculatedCVE-2020-8201
MISC
MISC
oauth-ruby_gem_for_ruby_on_rails -- oauth-ruby_gem_for_ruby_on_railslib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.2020-09-24not yet calculatedCVE-2016-11086
MISC
observium -- multiple_productsAn issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php.2020-09-25not yet calculatedCVE-2020-25132
MISC
observium -- multiple_productsAn issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php.2020-09-25not yet calculatedCVE-2020-25134
MISC
observium -- multiple_productsAn issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI.2020-09-25not yet calculatedCVE-2020-25141
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php.2020-09-25not yet calculatedCVE-2020-25148
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php.2020-09-25not yet calculatedCVE-2020-25136
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php.2020-09-25not yet calculatedCVE-2020-25147
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule.2020-09-25not yet calculatedCVE-2020-25146
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php.2020-09-25not yet calculatedCVE-2020-25145
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php.2020-09-25not yet calculatedCVE-2020-25143
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.2020-09-25not yet calculatedCVE-2020-25140
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php.2020-09-25not yet calculatedCVE-2020-25139
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.2020-09-25not yet calculatedCVE-2020-25142
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI.2020-09-25not yet calculatedCVE-2020-25137
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php.2020-09-25not yet calculatedCVE-2020-25149
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI.2020-09-25not yet calculatedCVE-2020-25135
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php.2020-09-25not yet calculatedCVE-2020-25133
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI.2020-09-25not yet calculatedCVE-2020-25131
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field.2020-09-25not yet calculatedCVE-2020-25130
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php.2020-09-25not yet calculatedCVE-2020-25138
MISC
observium -- multiple_products
 
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs.2020-09-25not yet calculatedCVE-2020-25144
MISC
openmrs -- openmrs
 
A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.2020-09-25not yet calculatedCVE-2020-24621
MISC
MISC
MISC
MISC
MISC
ory -- fosite
 
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.02020-09-24not yet calculatedCVE-2020-15223
MISC
CONFIRM
MISC
ory -- fosite
 
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When using client authentication method "private_key_jwt", OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not seem to check the uniqueness of this `jti` value. This problem is fixed in version 0.31.0.2020-09-24not yet calculatedCVE-2020-15222
MISC
CONFIRM
MISC
pagure -- pagure
 
Pagure before 5.6 allows XSS via the templates/blame.html blame view.2020-09-25not yet calculatedCVE-2019-11556
CONFIRM
CONFIRM
MISC
pango -- hotspot_shield_vpn
 
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.2020-09-24not yet calculatedCVE-2020-17365
MISC
peg-markdown -- peg-markdown
 
** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2020-09-23not yet calculatedCVE-2020-25821
MISC
pexip -- infinity
 
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.2020-09-24not yet calculatedCVE-2015-4719
MISC
pexip -- infinity
 
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.2020-09-25not yet calculatedCVE-2020-13387
CONFIRM
MISC
pexip -- infinity
 
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.2020-09-25not yet calculatedCVE-2019-7178
MISC
CONFIRM
pexip -- infinity
 
Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.2020-09-25not yet calculatedCVE-2017-17477
CONFIRM
CONFIRM
pexip -- infinity
 
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).2020-09-25not yet calculatedCVE-2018-10432
CONFIRM
MISC
pexip -- infinity
 
Pexip Infinity before 18 allows remote Denial of Service (XML parsing).2020-09-25not yet calculatedCVE-2018-10585
CONFIRM
MISC
pexip -- infinity
 
Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.2020-09-25not yet calculatedCVE-2020-24615
CONFIRM
MISC
pexip -- infinity
 
Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.2020-09-25not yet calculatedCVE-2020-12824
CONFIRM
MISC
pexip -- infinity
 
Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.2020-09-25not yet calculatedCVE-2019-7177
MISC
CONFIRM
pexip -- reverse_proxy_and_turn_server
 
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.2020-09-25not yet calculatedCVE-2020-11805
CONFIRM
phpgurukul -- zoo_management_system
 
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.2020-09-22not yet calculatedCVE-2020-25487
MISC
MISC
MISC
ping_identity -- pingid_integration_for_windows_login
 
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe.2020-09-23not yet calculatedCVE-2020-25826
MISC
MISC
podman -- podman
 
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.2020-09-23not yet calculatedCVE-2020-14370
MISC
prestashop -- prestashop

 

In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.2020-09-24not yet calculatedCVE-2020-15162
MISC
MISC
CONFIRM
prestashop -- prestashop

 

In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.82020-09-24not yet calculatedCVE-2020-15161
MISC
MISC
CONFIRM
prestashop -- prestashop
 
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.82020-09-24not yet calculatedCVE-2020-15160
MISC
MISC
CONFIRM
qemu -- qemu
 
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.2020-09-25not yet calculatedCVE-2020-25625
CONFIRM
MISC
qemu -- qemu
 
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.2020-09-25not yet calculatedCVE-2020-25084
CONFIRM
MISC
qemu -- qemu
 
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.2020-09-25not yet calculatedCVE-2020-25085
CONFIRM
MISC
MISC
red_hat -- ansible_engine
 
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.2020-09-23not yet calculatedCVE-2020-14365
MISC
red_hat -- undertow
 
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.2020-09-23not yet calculatedCVE-2020-10687
MISC
rubetek -- multiple_camerasThe Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.2020-09-25not yet calculatedCVE-2020-25749
MISC
rubetek -- multiple_cameras
 
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.2020-09-25not yet calculatedCVE-2020-25748
MISC
rubetek -- multiple_cameras
 
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.2020-09-25not yet calculatedCVE-2020-25747
MISC
shotcut -- shotcut
 
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.2020-09-22not yet calculatedCVE-2020-24619
MISC
CONFIRM
sophos -- sg_utm
 
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR112020-09-25not yet calculatedCVE-2020-25223
MISC
CONFIRM
sourcecodester -- simple_library_management_system
 
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.2020-09-22not yet calculatedCVE-2020-25514
MISC
MISC
MISC
sourcecodester -- simple_library_management_system
 
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.2020-09-22not yet calculatedCVE-2020-25515
MISC
MISC
MISC
spring -- framework
 
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.2020-09-19not yet calculatedCVE-2020-5421
CONFIRM
telestream -- tektronix_medius_and_sentry
 
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page).2020-09-22not yet calculatedCVE-2020-8887
MISC

telmat -- accesslog

The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.2020-09-24not yet calculatedCVE-2020-16148
MISC
telmat -- accesslog
 
The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.2020-09-24not yet calculatedCVE-2020-16147
MISC
tensorflow -- tensorflowIn Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.2020-09-25not yet calculatedCVE-2020-15199
MISC
MISC
CONFIRM
tensorflow -- tensorflowIn Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."2020-09-25not yet calculatedCVE-2020-15194
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15205
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15190
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15191
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15192
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15193
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15204
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.2020-09-25not yet calculatedCVE-2020-15196
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.2020-09-25not yet calculatedCVE-2020-15198
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15195
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A `BatchedMap` is equivalent to a vector where each element is a hashmap. However, if the first element of `splits_values` is not 0, `batch_idx` will never be 1, hence there will be no hashmap at index 0 in `per_batch_counts`. Trying to access that in the user code results in a segmentation fault. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.2020-09-25not yet calculatedCVE-2020-15200
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `batch_idx` grows too large. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.2020-09-25not yet calculatedCVE-2020-15201
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15202
MISC
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15203
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15206
MISC
MISC
CONFIRM
tensorflow -- tensorflow
 
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a `CHECK` assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.2020-09-25not yet calculatedCVE-2020-15197
MISC
MISC
CONFIRM
tensorflow -- tensorflow_lite
 
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.2020-09-25not yet calculatedCVE-2020-15214
MISC
MISC
CONFIRM
tensorflow -- tensorflow_lite
 
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.2020-09-25not yet calculatedCVE-2020-15213
MISC
MISC
CONFIRM
tensorflow -- tensorflow_lite
 
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `output_data` buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.2020-09-25not yet calculatedCVE-2020-15212
MISC
MISC
CONFIRM
tensorflow -- tensorflow_lite
 
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15209
MISC
MISC
CONFIRM
tensorflow -- tensorflow_lite
 
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15210
MISC
MISC
CONFIRM
tensorflow -- tensorflow_lite
 
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15208
MISC
MISC
CONFIRM
tensorflow -- tensorflow_lite
 
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.2020-09-25not yet calculatedCVE-2020-15207
MISC
MISC
CONFIRM
tensorflow -- tensorflow_lite
 
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.2020-09-25not yet calculatedCVE-2020-15211
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
tiny -- tiny_rss
 
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.2020-09-19not yet calculatedCVE-2020-25789
MISC
MISC
tiny -- tiny_rss
 
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.2020-09-19not yet calculatedCVE-2020-25788
MISC
MISC
tiny -- tiny_rss
 
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.2020-09-19not yet calculatedCVE-2020-25787
MISC
MISC
trend_micro -- security_2019
 
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.2020-09-24not yet calculatedCVE-2020-15604
MISC
MISC
MISC
MISC
trend_micro -- security_2019
 
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server.2020-09-24not yet calculatedCVE-2020-24560
MISC
MISC
MISC
MISC
typeorm -- typeorm
 
Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.2020-09-18not yet calculatedCVE-2020-8158
MISC
typesetter -- typesetter
 
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.2020-09-19not yet calculatedCVE-2020-25790
MISC

u.s._airforce_research_lab -- sensor_data_management_system_website

U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer.2020-09-25not yet calculatedCVE-2020-13995
MISC
untis -- webuntis
 
Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information.2020-09-24not yet calculatedCVE-2020-22453
MISC
MISC
verint -- workforce_optimization
 
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API2020-09-22not yet calculatedCVE-2020-23446
MISC
MISC
MISC
vmware -- horizon_daas
 
VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.2020-09-22not yet calculatedCVE-2020-3977
MISC
wildfly -- elytron
 
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.2020-09-23not yet calculatedCVE-2020-10714
MISC
xen -- xen
 
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. x86 HVM/PVH guests cannot exploit the vulnerability.2020-09-23not yet calculatedCVE-2020-25602
FEDORA
MISC
xen -- xen
 
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.2020-09-23not yet calculatedCVE-2020-25596
FEDORA
MISC
xen -- xen
 
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.2020-09-23not yet calculatedCVE-2020-25604
FEDORA
MISC
xen -- xen
 
An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering.2020-09-23not yet calculatedCVE-2020-25603
FEDORA
MISC
xen -- xen
 
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable.2020-09-23not yet calculatedCVE-2020-25599
FEDORA
MISC
xen -- xen
 
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.2020-09-23not yet calculatedCVE-2020-25601
FEDORA
MISC
xen -- xen
 
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly. Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable.2020-09-23not yet calculatedCVE-2020-25600
FEDORA
MISC
xen -- xen
 
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.2020-09-23not yet calculatedCVE-2020-25598
FEDORA
MISC
xen -- xen
 
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable.2020-09-23not yet calculatedCVE-2020-25597
FEDORA
MISC
xen -- xen
 
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.2020-09-23not yet calculatedCVE-2020-25595
FEDORA
MISC
ygopro -- ygocore
 
An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory.2020-09-23not yet calculatedCVE-2020-24213
MISC
zoho -- manageengine_applications_manager
 
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .2020-09-25not yet calculatedCVE-2020-15521
MISC
CONFIRM
zoho -- manageengine_applications_manager
 
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.2020-09-25not yet calculatedCVE-2020-15394
MISC
CONFIRM
CONFIRM

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.