6-22 VB HIGH, MEDIUM, and LOW Tables
Released
Jun 22, 2020
Document ID
NA
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. | 2020-06-17 | 10 | CVE-2020-11897 MISC CISCO MISC MISC MISC |
| geovision -- door_access_control_device | GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices. | 2020-06-12 | 10 | CVE-2020-3928 MISC |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724. | 2020-06-15 | 10 | CVE-2020-4469 XF CONFIRM MISC |
| adobe -- flash_player | Adobe Flash Player versions 32.0.0.371 and earlier, 32.0.0.371 and earlier, and 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-12 | 10 | CVE-2020-9633 CONFIRM GENTOO |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. | 2020-06-17 | 9.3 | CVE-2020-11896 MISC CISCO MISC MISC MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response. | 2020-06-17 | 9.3 | CVE-2020-11901 MISC CISCO MISC MISC MISC |
| trendnet -- tew-827dru_devices | TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. | 2020-06-15 | 9 | CVE-2020-14075 MISC MISC |
| trendnet -- tew-827dru_devices | TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. | 2020-06-15 | 9 | CVE-2020-14081 MISC |
| schneider_electric -- easergy_t300 | A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system. | 2020-06-16 | 9 | CVE-2020-7505 MISC |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25. | 2020-06-18 | 7.7 | CVE-2020-14434 CONFIRM |
| opensuse -- leap | An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records. | 2020-06-18 | 7.5 | CVE-2017-9103 SUSE MISC CONFIRM CONFIRM |
| opensuse -- leap | An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. | 2020-06-18 | 7.5 | CVE-2017-9104 SUSE MISC CONFIRM CONFIRM |
| adns -- adns | An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution. | 2020-06-18 | 7.5 | CVE-2017-9105 MISC CONFIRM CONFIRM |
| opensuse -- leap | An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct. | 2020-06-18 | 7.5 | CVE-2017-9109 SUSE MISC CONFIRM CONFIRM |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read. | 2020-06-17 | 7.5 | CVE-2020-11902 MISC CISCO MISC MISC MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. | 2020-06-17 | 7.5 | CVE-2020-11904 MISC CISCO MISC MISC MISC |
| advantech -- webaccess_node | WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | 2020-06-15 | 7.5 | CVE-2020-12019 MISC |
| lansweeper -- lansweeper | Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features. | 2020-06-15 | 7.5 | CVE-2020-14011 MISC MISC |
| meetecho -- janus_webrtc_server | An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server. | 2020-06-15 | 7.5 | CVE-2020-14033 MISC MISC CONFIRM |
| meetecho -- janus_webrtc_server | An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet. | 2020-06-15 | 7.5 | CVE-2020-14034 MISC MISC CONFIRM |
| naviwebs -- navigate_cms | The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. | 2020-06-15 | 7.5 | CVE-2020-14067 MISC |
| trendnet -- tew-827dru_devices | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key. | 2020-06-15 | 7.5 | CVE-2020-14080 MISC MISC |
| pcre -- libpcre | libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | 2020-06-15 | 7.5 | CVE-2020-14155 MISC MISC |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. | 2020-06-17 | 7.5 | CVE-2020-14401 MISC MISC |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | 2020-06-17 | 7.5 | CVE-2020-14402 MISC MISC |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. | 2020-06-17 | 7.5 | CVE-2020-14403 MISC MISC |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. | 2020-06-17 | 7.5 | CVE-2020-14404 MISC MISC |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | 2020-06-17 | 7.5 | CVE-2020-14405 MISC MISC |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066. | 2020-06-15 | 7.5 | CVE-2020-4216 XF CONFIRM MISC |
| schneider_electric -- ecostruxure_operator_terminal_expert | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts. | 2020-06-16 | 7.5 | CVE-2020-7497 MISC |
| schneider_electric -- easergy_t300 | A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. | 2020-06-16 | 7.5 | CVE-2020-7512 MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| wordpress -- wordpress | The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF. | 2020-06-15 | 6.8 | CVE-2019-19109 MISC |
| sanitize -- sanitize | In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1. | 2020-06-16 | 6.8 | CVE-2020-4054 MISC MISC CONFIRM |
| schneider_electric -- ecostruxture_operator_terminal_expert | A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. | 2020-06-16 | 6.8 | CVE-2020-7493 MISC |
| schneider_electric -- ecostruxture_operator_terminal_expert | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. | 2020-06-16 | 6.8 | CVE-2020-7494 MISC |
| schneider_electric -- ecostruxture_operator_terminal_expert | A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write access when opening the project file. | 2020-06-16 | 6.8 | CVE-2020-7496 MISC |
| schneider_electric -- easergy_t300 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted. | 2020-06-16 | 6.8 | CVE-2020-7503 MISC |
| adobe -- framemaker | Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-12 | 6.8 | CVE-2020-9634 CONFIRM |
| adobe -- framemaker | Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-12 | 6.8 | CVE-2020-9635 CONFIRM |
| adobe -- framemaker | Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-12 | 6.8 | CVE-2020-9636 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels. | 2020-06-19 | 6.5 | CVE-2019-20842 CONFIRM |
| trendnet -- tew-827dru_devices | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key. | 2020-06-15 | 6.5 | CVE-2020-14074 MISC MISC |
| trendnet -- tew-827dru_devices | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key. | 2020-06-15 | 6.5 | CVE-2020-14076 MISC MISC MISC MISC |
| trendnet -- tew-827dru_devices | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key. | 2020-06-15 | 6.5 | CVE-2020-14077 MISC MISC |
| trendnet -- tew-827dru_devices | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key. | 2020-06-15 | 6.5 | CVE-2020-14078 MISC MISC |
| trendnet -- tew-827dru_devices | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key. | 2020-06-15 | 6.5 | CVE-2020-14079 MISC MISC MISC MISC |
| cacti -- cacti | A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. | 2020-06-17 | 6.5 | CVE-2020-14295 MISC |
| schneider-electric -- easergy_t300 | A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files. | 2020-06-16 | 6.5 | CVE-2020-7509 MISC |
| apsis -- pound | Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711. | 2020-06-15 | 6.4 | CVE-2018-21245 MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak. | 2020-06-17 | 6.4 | CVE-2020-11898 MISC CISCO MISC MISC MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free. | 2020-06-17 | 6.4 | CVE-2020-11900 MISC CISCO CONFIRM MISC MISC MISC |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726. | 2020-06-15 | 6.4 | CVE-2020-4471 XF CONFIRM MISC |
| xnview -- xnview | A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token. | 2020-06-12 | 6 | CVE-2020-10752 CONFIRM CONFIRM |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725. | 2020-06-15 | 6 | CVE-2020-4470 XF CONFIRM MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. | 2020-06-17 | 5.8 | CVE-2020-11906 MISC CISCO MISC MISC MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP. | 2020-06-17 | 5.8 | CVE-2020-11907 MISC CISCO MISC MISC MISC |
| ljg -- libipeg | In IJG JPEG (aka libjpeg) before 9d, read_*_pixel() in rdtarga.c in cjpeg mishandles EOF. | 2020-06-15 | 5.8 | CVE-2020-14151 MISC MISC |
| ljg -- libipeg | In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. | 2020-06-15 | 5.8 | CVE-2020-14152 MISC MISC |
| ljg -- libipeg | In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-bounds array read for certain table pointers. | 2020-06-15 | 5.8 | CVE-2020-14153 MISC MISC |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14429 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 before 2.5.2.104, and SRK60B06 before 2.5.2.104. | 2020-06-18 | 5.8 | CVE-2020-14435 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14436 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14437 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14438 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14439 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14440 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14441 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 5.8 | CVE-2020-14442 CONFIRM |
| omero -- omero | In OMERO before 5.6.1, group owners can access members' data in other groups. | 2020-06-17 | 5.5 | CVE-2020-6752 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, and RBS750 before 3.2.15.25. | 2020-06-18 | 5.2 | CVE-2020-14433 CONFIRM |
| adns -- adns | An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type. | 2020-06-18 | 5 | CVE-2017-9106 MISC CONFIRM CONFIRM |
| adns -- adns | An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack. | 2020-06-18 | 5 | CVE-2017-9107 MISC CONFIRM CONFIRM |
| adns -- adns | An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte. | 2020-06-18 | 5 | CVE-2017-9108 MISC CONFIRM CONFIRM |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. | 2020-06-17 | 5 | CVE-2018-21247 MISC MISC |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. | 2020-06-19 | 5 | CVE-2018-21262 CONFIRM |
| libvncserver -- libvncserver | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | 2020-06-17 | 5 | CVE-2019-20839 MISC MISC |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. | 2020-06-17 | 5 | CVE-2019-20840 MISC MISC |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. | 2020-06-19 | 5 | CVE-2019-20843 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import. | 2020-06-19 | 5 | CVE-2019-20845 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. | 2020-06-19 | 5 | CVE-2019-20846 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled. | 2020-06-19 | 5 | CVE-2019-20877 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph. | 2020-06-19 | 5 | CVE-2019-20880 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post. | 2020-06-19 | 5 | CVE-2019-20884 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file. | 2020-06-19 | 5 | CVE-2019-20885 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration. | 2020-06-19 | 5 | CVE-2019-20888 CONFIRM |
| intel -- active_management_technology | Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access. | 2020-06-15 | 5 | CVE-2020-0538 MISC |
| intel -- active_management_technology | Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | 2020-06-15 | 5 | CVE-2020-0540 MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. | 2020-06-17 | 5 | CVE-2020-11909 MISC CISCO MISC MISC MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. | 2020-06-17 | 5 | CVE-2020-11910 MISC CISCO MISC MISC MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. | 2020-06-17 | 5 | CVE-2020-11911 MISC CISCO MISC MISC MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | 2020-06-17 | 5 | CVE-2020-11913 MISC CISCO MISC MISC MISC |
| zoho_manageengine_servicedesk | Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. | 2020-06-12 | 5 | CVE-2020-14048 MISC MISC |
| gnu -- bison | GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). | 2020-06-15 | 5 | CVE-2020-14150 MISC MISC |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | 2020-06-17 | 5 | CVE-2020-14396 MISC MISC |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | 2020-06-17 | 5 | CVE-2020-14397 MISC MISC |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. | 2020-06-17 | 5 | CVE-2020-14398 MISC MISC |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. | 2020-06-17 | 5 | CVE-2020-14399 MISC MISC |
| libvncserver -- libvncserver | An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. | 2020-06-17 | 5 | CVE-2020-14400 MISC MISC |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021. | 2020-06-19 | 5 | CVE-2020-14447 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020. | 2020-06-19 | 5 | CVE-2020-14448 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017. | 2020-06-19 | 5 | CVE-2020-14450 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014. | 2020-06-19 | 5 | CVE-2020-14452 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005. | 2020-06-19 | 5 | CVE-2020-14453 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012. | 2020-06-19 | 5 | CVE-2020-14457 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004. | 2020-06-19 | 5 | CVE-2020-14458 CONFIRM |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002. | 2020-06-19 | 5 | CVE-2020-14459 CONFIRM |
| ibm -- mq_and_ma_appliance_devices | IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081. | 2020-06-16 | 5 | CVE-2020-4310 XF CONFIRM |
| ibm -- spectrum_protect_client | IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019. | 2020-06-15 | 5 | CVE-2020-4494 XF CONFIRM |
| schneider-electric -- easergy_t300 | A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent. | 2020-06-16 | 5 | CVE-2020-7504 MISC |
| schneider-electric -- easergy_t300 | A CWE-538: File and Directory Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure. | 2020-06-16 | 5 | CVE-2020-7506 MISC |
| schneider-electric -- easergy_t300 | A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service. | 2020-06-16 | 5 | CVE-2020-7507 MISC |
| schneider-electric -- easergy_t300 | A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | 2020-06-16 | 5 | CVE-2020-7508 MISC |
| schneider-electric -- easergy_t300 | A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys. | 2020-06-16 | 5 | CVE-2020-7510 MISC |
| schneider-electric -- easergy_t300 | A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force. | 2020-06-16 | 5 | CVE-2020-7511 MISC |
| schneider-electric -- easergy_t300 | A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. | 2020-06-16 | 5 | CVE-2020-7513 MISC |
| open-xchange -- app_suite | OX App Suite through 7.10.3 has Improper Input Validation. | 2020-06-16 | 5 | CVE-2020-8543 MISC MISC |
| adobe -- experience_manager | Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-12 | 5 | CVE-2020-9643 CONFIRM |
| adobe -- experience_manager | Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-12 | 5 | CVE-2020-9645 CONFIRM |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | 2020-06-17 | 4.8 | CVE-2020-11899 MISC CISCO CONFIRM MISC MISC MISC |
| d-link -- dsl-2750u_isl2750ueme3.v1e_devices | D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | 2020-06-15 | 4.6 | CVE-2020-13150 MISC MISC |
| icinga -- icinga2 | An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. | 2020-06-12 | 4.6 | CVE-2020-14004 CONFIRM MISC MISC MISC MISC |
| huawei -- p30_smartphones | HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could allow the attacker to perform unauthorized operations. | 2020-06-15 | 4.6 | CVE-2020-1813 MISC |
| vmware -- horizon_client_for_windows | VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user. | 2020-06-15 | 4.6 | CVE-2020-3961 MISC |
| wordpress -- wordpress | The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter. | 2020-06-15 | 4.3 | CVE-2019-19111 MISC |
| wordpress -- wordpress | The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. | 2020-06-15 | 4.3 | CVE-2019-19112 MISC |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel. | 2020-06-19 | 4.3 | CVE-2019-20844 CONFIRM |
| micro_focus -- arcsight_logger | Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | 2020-06-12 | 4.3 | CVE-2020-11839 MISC |
| digdash -- digdash | An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu. | 2020-06-15 | 4.3 | CVE-2020-13652 MISC |
| libermf_project -- libemf | ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. | 2020-06-15 | 4.3 | CVE-2020-13999 MISC MISC MISC MISC |
| mutt -- mutt | Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. | 2020-06-15 | 4.3 | CVE-2020-14093 MISC MISC DEBIAN |
| geovision -- door_access_control_device | GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages. | 2020-06-12 | 4.3 | CVE-2020-3929 MISC |
| schneider-electric -- ecostruxure_operator_terminal_expert | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file. | 2020-06-16 | 4.3 | CVE-2020-7495 MISC |
| open-xchange -- ox_guard | OX Guard 2.10.3 and earlier allows XSS. | 2020-06-15 | 4.3 | CVE-2020-9426 MISC MISC MISC |
| micro_focus -- arcsight_enterprise_security_manager | Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | 2020-06-16 | 4.3 | CVE-2020-9522 MISC |
| adobe -- experience_manager | Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | 2020-06-12 | 4.3 | CVE-2020-9647 CONFIRM |
| adobe -- experience_manager | Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | 2020-06-12 | 4.3 | CVE-2020-9648 CONFIRM |
| adobe -- experience_manager | Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | 2020-06-12 | 4.3 | CVE-2020-9651 CONFIRM |
| openstack -- mistral | A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service. | 2020-06-15 | 4 | CVE-2018-16848 MISC MISC |
| intel -- active_management_technology | Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access. | 2020-06-15 | 4 | CVE-2020-0537 MISC |
| micro_focus -- arcsight_management_center | Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | 2020-06-16 | 4 | CVE-2020-11840 MISC |
| micro_focus -- arcsight_management_center | Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | 2020-06-16 | 4 | CVE-2020-11841 MISC |
| fusionaccess -- fusionaccess | FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal. | 2020-06-15 | 4 | CVE-2020-1825 MISC |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779. | 2020-06-15 | 4 | CVE-2020-4477 XF CONFIRM |
| open-xchange -- app_suite | OX App Suite through 7.10.3 allows XXE attacks. | 2020-06-16 | 4 | CVE-2020-8541 MISC MISC |
| open-xchange -- app_suite | OX App Suite through 7.10.3 allows SSRF. | 2020-06-16 | 4 | CVE-2020-8544 MISC MISC |
| huawei -- multiple_products | Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage. | 2020-06-15 | 4 | CVE-2020-9075 MISC |
| huawei -- multiple_smartphones | HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. | 2020-06-15 | 4 | CVE-2020-9076 MISC |
| open-xchange -- guard | OX Guard 2.10.3 and earlier allows SSRF. | 2020-06-15 | 4 | CVE-2020-9427 MISC MISC MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| linux -- linux_kernel | A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. | 2020-06-12 | 3.6 | CVE-2020-10732 SUSE CONFIRM MISC MISC MISC MISC MISC |
| wordpress -- wordpress | The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. | 2020-06-15 | 3.5 | CVE-2019-19110 MISC |
| mattermost -- mattermost_server | An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post. | 2020-06-19 | 3.5 | CVE-2019-20883 CONFIRM |
| micros_focus -- arcsight_management_center | Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | 2020-06-16 | 3.5 | CVE-2020-11838 MISC |
| kumbiaphp -- kumbiaphp | KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO. | 2020-06-15 | 3.5 | CVE-2020-14146 MISC MISC |
| caldera -- caldera | CALDERA 2.7.0 allows XSS via the Operation Name box. | 2020-06-19 | 3.5 | CVE-2020-14462 MISC |
| wordpress -- wordpress | In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | 2020-06-12 | 3.5 | CVE-2020-4049 MISC CONFIRM MISC |
| ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489. | 2020-06-12 | 3.5 | CVE-2020-4251 XF CONFIRM |
| ibm -- spectrum_protect_client | IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488. | 2020-06-15 | 3.5 | CVE-2020-4406 XF CONFIRM |
| open-xchange -- ox_app_suite | OX App Suite through 7.10.3 allows XSS. | 2020-06-16 | 3.5 | CVE-2020-8542 MISC MISC |
| adobe -- experience_manager | Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | 2020-06-12 | 3.5 | CVE-2020-9644 CONFIRM |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. | 2020-06-17 | 3.3 | CVE-2020-11903 MISC CISCO MISC MISC MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read. | 2020-06-17 | 3.3 | CVE-2020-11905 MISC CISCO CONFIRM MISC MISC MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP. | 2020-06-17 | 3.3 | CVE-2020-11908 MISC CISCO MISC MISC MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. | 2020-06-17 | 3.3 | CVE-2020-11912 MISC CISCO MISC MISC MISC |
| treck_inc -- transmission_control_protocol_internet_protocol_stack | The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. | 2020-06-17 | 3.3 | CVE-2020-11914 MISC CISCO MISC MISC MISC |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11. | 2020-06-18 | 3.3 | CVE-2020-14426 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 3.3 | CVE-2020-14427 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 3.3 | CVE-2020-14428 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 3.3 | CVE-2020-14430 CONFIRM |
| netgear -- multiple_devices | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | 2020-06-18 | 3.3 | CVE-2020-14431 CONFIRM |
| huawei -- mate_30 | HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure. | 2020-06-18 | 3.3 | CVE-2020-1835 MISC |
| huawei -- p30_and_p30_pro_smartphones | HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. | 2020-06-18 | 2.1 | CVE-2020-1834 MISC |
| geovision -- door_access_control_device | GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. | 2020-06-12 | 2.1 | CVE-2020-3930 MISC |
| chownr -- chownr | A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. | 2020-06-15 | 1.9 | CVE-2017-18869 MISC MISC MISC MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.