Vulnerability Summary for the Week of April 6, 2020
Released
Apr 13, 2020
Document ID
SB20-104
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 3xlogic -- infinias_eidc32 | 3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring. | 2020-04-04 | 7.5 | CVE-2020-11542 MISC |
| adb-driver -- abd-driver | adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function. | 2020-04-06 | 7.5 | CVE-2020-7636 MISC MISC |
| advantech -- webaccess/nms | WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. | 2020-04-09 | 7.5 | CVE-2020-10625 MISC |
| advantech -- webaccess/nms | Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | 2020-04-09 | 10 | CVE-2020-10621 MISC |
| advantech -- webaccess/nms | An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | 2020-04-09 | 7.5 | CVE-2020-10631 MISC |
amcrest -- multiple_cameras_and_network_video_recorders | Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code. | 2020-04-08 | 8 | CVE-2020-5735 MISC MISC |
| avira-- free_antivirus | An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality. | 2020-04-09 | 7.5 | CVE-2020-8961 CONFIRM |
| canonical -- microk8s | Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3. | 2020-04-08 | 7.2 | CVE-2019-15789 CONFIRM CONFIRM CONFIRM CONFIRM |
| centreon -- centreon | There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration. | 2020-04-06 | 9 | CVE-2019-19699 MISC MISC MISC MISC MISC |
| cipplanner -- cipace | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file. | 2020-04-06 | 7.5 | CVE-2020-11598 MISC |
| cipplanner -- cipace | An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data. | 2020-04-06 | 7.5 | CVE-2020-11586 MISC |
| cipplanner -- cipace | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner. | 2020-04-06 | 7.5 | CVE-2020-11597 MISC |
| compass-compile -- compass-compile | compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument. | 2020-04-06 | 7.5 | CVE-2020-7635 MISC MISC |
| dell -- latitude_7202_rugged_tablet | Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode. | 2020-04-04 | 7.2 | CVE-2020-5348 MISC |
| diskusage-ng -- diskusage-ng | diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument. | 2020-04-06 | 7.5 | CVE-2020-7631 MISC MISC |
| extplorer -- extplorer | Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian | 2020-04-10 | 7.5 | CVE-2019-7305 MISC |
| general_electric -- mark_vie_controller | GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go into applications requiring the GE commissioning engineer to change default configurations during the installation process. GE recommends that users reset controller passwords during installation in the operating environment. | 2020-04-07 | 7.2 | CVE-2019-13559 MISC |
| gitlab -- gitlab_enterprise_and_community_editions | GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. | 2020-04-08 | 7.5 | CVE-2020-10980 CONFIRM MISC |
| gpac -- gpac | An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes. | 2020-04-05 | 7.5 | CVE-2020-11558 MISC MISC |
| heroku-addonpool -- heroku-addonpool | heroku-addonpool through 0.1.15 is vulnerable to Command Injection. | 2020-04-06 | 7.5 | CVE-2020-7634 MISC MISC |
| hirschmann_automation_and_control -- hios_and_hisecos | A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30. | 2020-04-03 | 7.5 | CVE-2020-6994 MISC |
| honeywell -- notifier_web_server | Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem. | 2020-04-07 | 7.5 | CVE-2020-6974 MISC |
| ibm -- api_connect_developer_toolkit | apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument. | 2020-04-06 | 7.5 | CVE-2020-7633 MISC MISC |
| jooby -- jooby | All versions of Jooby before 2.2.1 are vulnerable to HTTP Response Splitting. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting. | 2020-04-06 | 7.5 | CVE-2020-7622 MISC MISC |
| linux -- linux_kernel | In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. | 2020-04-08 | 10 | CVE-2019-20636 MISC MISC MISC |
| netty -- netty | The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. | 2020-04-07 | 7.5 | CVE-2020-11612 MISC MISC MISC MLIST MLIST MLIST MLIST MLIST MLIST |
| node-mpv -- node-mpv | node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | 2020-04-06 | 7.5 | CVE-2020-7632 MISC MISC |
| npm-programmatic -- npg-programmatic | npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly. | 2020-04-07 | 7.5 | CVE-2020-7614 MISC MISC |
| opsramp -- gateway | OpsRamp Gateway 3.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. | 2020-04-08 | 10 | CVE-2020-11543 MISC |
| palo_alto_networks -- global_protect_agent | An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows; | 2020-04-08 | 7.2 | CVE-2020-1988 MISC |
| palo_alto_networks -- global_protect_agent | An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1. | 2020-04-08 | 7.2 | CVE-2020-1989 MISC |
| palo_alto_networks -- pan-os | A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7. This issue does not affect PAN-OS 7.1. | 2020-04-08 | 9 | CVE-2020-1990 MISC |
| palo_alto_networks -- pan-os | A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls. | 2020-04-08 | 9.3 | CVE-2020-1992 MISC |
| palo_alto_networks -- secdo | Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows. | 2020-04-08 | 7.2 | CVE-2020-1984 MISC |
| primekey -- ejbca | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized. | 2020-04-08 | 7.5 | CVE-2020-11630 MISC |
| project_worlds -- official_car_rental_system | Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt. | 2020-04-06 | 7.5 | CVE-2020-11545 MISC |
| pulse_secure -- pulse_connect_secure | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used. | 2020-04-06 | 9.3 | CVE-2020-11581 MISC CONFIRM |
| qemu -- qemu | hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. | 2020-04-06 | 7.5 | CVE-2020-11102 MLIST MISC |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018). | 2020-04-08 | 10 | CVE-2018-21049 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows Hare Hunting during application installation. The Samsung ID is SVE-2016-6942 (February 2017). | 2020-04-07 | 7.5 | CVE-2017-18683 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung Galaxy S5 mobile devices with software through 2016-12-20 (Qualcomm AP chipsets). There are multiple buffer overflows in the bootloader. The Samsung ID is SVE-2016-7930 (March 2017). | 2020-04-07 | 10 | CVE-2017-18681 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a stack-based buffer overflow with resultant memory corruption in a trustlet. The Samsung IDs are SVE-2017-8889, SVE-2017-8891, and SVE-2017-8892 (August 2017). | 2020-04-07 | 7.5 | CVE-2017-18655 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer overflow in process_cipher_tdea. The Samsung ID is SVE-2017-8973 (July 2017). | 2020-04-07 | 7.5 | CVE-2017-18661 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018). | 2020-04-08 | 10 | CVE-2018-21050 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code execution in the Fingerprint Trustlet via a memory overwrite. The Samsung IDs are SVE-2019-16587, SVE-2019-16588, SVE-2019-16589 (April 2020). | 2020-04-08 | 10 | CVE-2020-11600 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018). | 2020-04-08 | 10 | CVE-2018-21055 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 (August 2018). | 2020-04-08 | 7.5 | CVE-2018-21065 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016). | 2020-04-07 | 7.8 | CVE-2016-11031 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018). | 2020-04-08 | 7.5 | CVE-2018-21087 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Type confusion in the MLDAP Trustlet allows arbitrary code execution. The Samsung ID is SVE-2020-16599 (April 2020). | 2020-04-08 | 7.5 | CVE-2020-11603 CONFIRM MISC |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018). | 2020-04-08 | 7.2 | CVE-2018-21070 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018). | 2020-04-08 | 10 | CVE-2018-21066 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID is SVE-2017-10886 (April 2018). | 2020-04-08 | 7.5 | CVE-2018-21075 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018). | 2020-04-08 | 7.5 | CVE-2018-21071 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018). | 2020-04-08 | 7.5 | CVE-2018-21064 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016). | 2020-04-07 | 7.8 | CVE-2016-11039 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016). | 2020-04-07 | 7.5 | CVE-2016-11025 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016). | 2020-04-07 | 7.8 | CVE-2016-11026 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is an integer underflow with a resultant buffer overflow in eCryptFS. The Samsung ID is SVE-2017-11857 (September 2018). | 2020-04-08 | 7.5 | CVE-2018-21054 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. The InputMethod application can cause a system crash via a malformed serializable object in an Intent. The Samsung ID is SVE-2016-7123 (February 2017). | 2020-04-07 | 7.8 | CVE-2017-18685 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Because of incorrect exception handling and an unprotected intent, AudioService can cause a system crash, The Samsung IDs are SVE-2017-8114, SVE-2017-8116, and SVE-2017-8117 (March 2017). | 2020-04-07 | 7.8 | CVE-2017-18682 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) software. SLocation can cause a system crash via a call to an API that is not implemented. The Samsung ID is SVE-2017-8285 (April 2017). | 2020-04-07 | 7.8 | CVE-2017-18679 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.0) software. The time service (aka Timaservice) allows a kernel panic. The Samsung ID is SVE-2017-8593 (May 2017). | 2020-04-07 | 7.8 | CVE-2017-18674 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018). | 2020-04-08 | 10 | CVE-2018-21063 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016). | 2020-04-07 | 7.5 | CVE-2016-11033 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (January 2018). | 2020-04-08 | 10 | CVE-2018-21090 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/MT6757 Mediatek models) software. Bootloader has an integer overflow that leads to arbitrary code execution via the download offset control. The Samsung ID is SVE-2017-10732 (January 2018). | 2020-04-08 | 10 | CVE-2018-21089 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung ID is SVE-2018-11358 (May 2018). | 2020-04-08 | 10 | CVE-2018-21072 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. Telecom has a System Crash via abnormal exception handling. The Samsung ID is SVE-2017-10906 (January 2018). | 2020-04-08 | 7.8 | CVE-2018-21091 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 (February 2017). | 2020-04-07 | 7.5 | CVE-2017-18684 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension (CE) is not used. The Samsung ID is SVE-2018-12761 (September 2018). | 2020-04-08 | 7.5 | CVE-2018-21058 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. SVoice allows arbitrary code execution by changing dynamic libraries. The Samsung ID is SVE-2017-9299 (September 2017). | 2020-04-07 | 7.5 | CVE-2017-18652 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos7420, Exynos8890, or MSM8996 chipsets) software. RKP allows memory corruption. The Samsung ID is SVE-2016-7897 (January 2017). | 2020-04-07 | 7.5 | CVE-2017-18696 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018). | 2020-04-08 | 10 | CVE-2018-21051 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 (October 2018). | 2020-04-08 | 10 | CVE-2018-21052 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can cause a reboot because InputMethodManagerService has an unprotected system service. The Samsung ID is SVE-2017-9995 (January 2018). | 2020-04-08 | 7.8 | CVE-2018-21088 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016). | 2020-04-07 | 7.5 | CVE-2016-11036 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software. The sem Trustlet has a buffer overflow that leads to arbitrary TEE code execution. The Samsung IDs are SVE-2018-13230, SVE-2018-13231, SVE-2018-13232, SVE-2018-13233 (December 2018). | 2020-04-08 | 7.5 | CVE-2018-21044 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung ID is SVE-2018-13299 (December 2018). | 2020-04-08 | 7.5 | CVE-2018-21042 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018). | 2020-04-08 | 7.5 | CVE-2018-21038 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016). | 2020-04-07 | 7.5 | CVE-2016-11028 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. There is a buffer overflow in the fps sysfs entry. The Samsung ID is SVE-2016-7510 (January 2017). | 2020-04-07 | 7.5 | CVE-2017-18693 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos8890 chipsets) software. There are multiple Buffer Overflows in TSP sysfs cmd_store. The Samsung ID is SVE-2016-7500 (January 2017). | 2020-04-07 | 7.5 | CVE-2017-18691 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) (Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets) software. There is a buffer overflow in the sensor hub. The Samsung ID is SVE-2016-7484 (January 2017). | 2020-04-07 | 7.5 | CVE-2017-18690 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016). | 2020-04-07 | 7.5 | CVE-2016-11038 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Samsung ID is SVE-2016-6560 (October 2016). | 2020-04-07 | 7.1 | CVE-2016-11034 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018). | 2020-04-08 | 10 | CVE-2018-21057 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer overflow in tlc_server. The Samsung ID is SVE-2017-8888 (July 2017). | 2020-04-07 | 7.5 | CVE-2017-18660 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with J(4.2) (Qualcomm Wi-Fi chipsets) software. There is a buffer overflow in the Qualcomm WLAN Driver. The Samsung ID is SVE-2016-5326 (February 2016). | 2020-04-07 | 7.5 | CVE-2016-11051 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.1), M(6.x), and N(7.x) software. There is a muic_set_reg_sel heap-based buffer overflow during the reading of MUIC register values. The Samsung ID is SVE-2017-10011 (December 2017). | 2020-04-08 | 7.5 | CVE-2017-18644 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) (Qualcomm chipsets) software. There is a panel_lpm sysfs stack-based buffer overflow. The Samsung ID is SVE-2017-9414 (December 2017). | 2020-04-08 | 7.5 | CVE-2017-18645 CONFIRM |
| sqlite -- sqlite | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | 2020-04-09 | 7.5 | CVE-2020-11656 MISC MISC |
| suse -- openstack_cloud_and_openstack_cloud_crowbar | A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-. | 2020-04-03 | 7.2 | CVE-2018-17954 CONFIRM |
| tencent -- qqbrowser | QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService. | 2020-04-09 | 7.2 | CVE-2020-10551 MISC MISC |
| testlink -- testlink | A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter. | 2020-04-03 | 7.5 | CVE-2020-8638 MISC CONFIRM |
| testlink -- testlink | A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter. | 2020-04-03 | 7.5 | CVE-2020-8637 MISC CONFIRM |
universal_robots -- cb2_sw_and_cb3_sw_and_e-series_sw_robot_controllers | Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization. | 2020-04-06 | 9 | CVE-2020-10265 CONFIRM |
| utils-extend -- utils-extend | Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend. | 2020-04-03 | 7.5 | CVE-2020-8147 MISC |
| visam -- vbase_editor_and_web-remote_module | VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application. | 2020-04-03 | 7.2 | CVE-2020-7004 MISC |
| visam -- vbase_editor_and_web-remote_module | VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code. | 2020-04-03 | 7.5 | CVE-2020-10599 MISC |
| wordpress -- wordpress | The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed. | 2020-04-05 | 7.5 | CVE-2020-11548 MISC MISC |
| wordpress -- wordpress | The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint. | 2020-04-07 | 7.5 | CVE-2020-11514 MISC MISC MISC |
| xiaomi -- xiaoai_speaker_pro_lx06 | An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro LX06, (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’ SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks. | 2020-04-08 | 7.2 | CVE-2020-10263 MISC MISC MISC |
| xiaomi -- xiaoai_speaker_pro_lx06 | An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro (LX06), (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’s SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks. | 2020-04-08 | 7.2 | CVE-2020-10262 MISC MISC MISC |
| zhejiang_dahua_technology -- multiple_products | Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down. | 2020-04-09 | 7.5 | CVE-2020-9499 MISC |
| zoho -- manageengine_adselfservice_plus | Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. | 2020-04-04 | 7.5 | CVE-2020-11518 MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advantech -- webaccess/nms | There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | 2020-04-09 | 5 | CVE-2020-10617 MISC |
| advantech -- webaccess/nms | WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. | 2020-04-09 | 6.5 | CVE-2020-10603 MISC |
| advantech -- webaccess/nms | Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | 2020-04-09 | 4 | CVE-2020-10623 MISC |
| advantech -- webaccess/nms | An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | 2020-04-09 | 6.4 | CVE-2020-10619 MISC |
| advantech -- webaccess/nms | WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files. | 2020-04-09 | 5 | CVE-2020-10629 MISC |
amcrest -- multiple_cameras_and_network_video_recorders
| Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device. | 2020-04-08 | 6.8 | CVE-2020-5736 MISC |
argo -- argo_cd | Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts within Argo. | 2020-04-08 | 5 | CVE-2020-11576 MISC MISC MISC |
argo -- argo_cd | As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere. | 2020-04-08 | 6.5 | CVE-2020-8828 MISC MISC MISC |
argo -- argo_cd | In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git. | 2020-04-09 | 4 | CVE-2018-21034 MISC MISC MISC MISC |
| argo -- argo_cd | As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. | 2020-04-08 | 5 | CVE-2020-8827 MISC MISC MISC MISC |
| argo -- argo_cd | As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication. | 2020-04-08 | 5 | CVE-2020-8826 MISC MISC MISC |
| auth0 -- auth0.js | auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. This is fixed in version 9.12.3 | 2020-04-09 | 4 | CVE-2020-5263 MISC CONFIRM |
| bit2spr -- bit2spr | bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file. | 2020-04-04 | 5 | CVE-2020-11528 MISC MISC |
| bitdefender -- high-level_antimalware__sdk_for_windows | Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 . | 2020-04-07 | 4.6 | CVE-2020-8096 CONFIRM |
| broadcom -- management_center | A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC. | 2020-04-10 | 4.3 | CVE-2019-18376 MISC |
| castle_rock_computing -- snmpc_online | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF. | 2020-04-09 | 6.8 | CVE-2020-11553 MISC |
| castle_rock_computing -- snmpc_online | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4. | 2020-04-09 | 5 | CVE-2020-11554 MISC |
| castle_rock_computing -- snmpc_online | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files. | 2020-04-09 | 5 | CVE-2020-11555 MISC |
| castle_rock_computing -- snmpc_online | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value. | 2020-04-09 | 5 | CVE-2020-11557 MISC |
| cipplanner -- cipace | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path. | 2020-04-06 | 5 | CVE-2020-11594 MISC |
| cipplanner -- cipace | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address. | 2020-04-06 | 5 | CVE-2020-11593 MISC |
| cipplanner -- cipace | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name. | 2020-04-06 | 5 | CVE-2020-11591 MISC |
| cipplanner -- cipace | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database. | 2020-04-06 | 5 | CVE-2020-11592 MISC |
| cipplanner -- cipace | An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only. | 2020-04-06 | 5 | CVE-2020-11589 MISC |
| cipplanner -- cipace | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path. | 2020-04-06 | 5 | CVE-2020-11595 MISC |
| cipplanner -- cipace | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths. | 2020-04-06 | 5 | CVE-2020-11588 MISC |
| cipplanner -- cipace | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name. | 2020-04-06 | 5 | CVE-2020-11590 MISC |
| cipplanner -- cipace | An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user. | 2020-04-06 | 5 | CVE-2020-11599 MISC |
| cipplanner -- cipace | A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server. | 2020-04-06 | 5 | CVE-2020-11596 MISC |
| cipplanner -- cipace | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server. | 2020-04-06 | 5 | CVE-2020-11587 MISC |
| clamscan -- clamscan | clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue. | 2020-04-07 | 6.8 | CVE-2020-7613 MISC MISC |
| class-transformer -- class-transformer | class-transformer through 0.2.3 is vulnerable to Prototype Pollution. The 'classToPlainFromExist' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | 2020-04-06 | 5 | CVE-2020-7637 MISC MISC |
| code::blocks -- code::blocks | A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file. | 2020-04-08 | 4.3 | CVE-2020-10814 MISC MISC MISC |
| communilink -- clink_office | A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 2020-04-07 | 4.3 | CVE-2020-6171 MISC |
| confinit -- confinit | confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | 2020-04-06 | 5 | CVE-2020-7638 MISC MISC |
| dell -- emc_isilon_onefs | Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. | 2020-04-04 | 5 | CVE-2020-5347 MISC |
| dnn_software -- dnn | There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter. | 2020-04-06 | 4 | CVE-2020-11585 MISC |
| eclipse -- che | A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod. | 2020-04-03 | 4.9 | CVE-2020-10689 CONFIRM MISC |
| eivindfjeldstad-dot -- eivindfjeldstad-dot | eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | 2020-04-06 | 5 | CVE-2020-7639 MISC MISC |
| express-mock-middleware -- express-mock-middlware | express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk. | 2020-04-07 | 5 | CVE-2020-7616 MISC MISC |
| facebook -- instragram_for_android | A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128. | 2020-04-09 | 6.8 | CVE-2020-1895 CONFIRM |
| facebook -- oculus_desktop | Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file. | 2020-04-08 | 4.6 | CVE-2020-1885 CONFIRM |
| fortinet -- fortiadc | An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system. | 2020-04-07 | 6.8 | CVE-2020-9286 MISC |
| fortinet -- multiple_products | An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. | 2020-04-07 | 5 | CVE-2019-17657 CONFIRM |
| fsa -- fsa | fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands. | 2020-04-07 | 4.6 | CVE-2020-7615 MISC MISC |
| general_electric --mark_vie_controller | GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default credentials. GE recommends that users disable the Telnet service. | 2020-04-07 | 6.5 | CVE-2019-13554 MISC |
gitlab -- gitlab_enterprise_and_community_editions | GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. | 2020-04-08 | 4 | CVE-2020-10981 CONFIRM MISC |
gitlab -- gitlab_enterprise_and_community_editions | GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. | 2020-04-08 | 4 | CVE-2020-10975 CONFIRM MISC |
gitlab -- gitlab_enterprise_and_community_editions | GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. | 2020-04-08 | 5 | CVE-2020-10976 CONFIRM MISC |
gitlab -- gitlab_enterprise_and_community_editions | GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. | 2020-04-08 | 4 | CVE-2020-10979 CONFIRM MISC |
| gitlab -- gitlab_enterprise_and_community_editions | GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. | 2020-04-08 | 5 | CVE-2020-10978 CONFIRM MISC |
| gnutls -- gnutls | GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. | 2020-04-03 | 6.4 | CVE-2020-11501 SUSE MISC MISC DEBIAN MISC |
| grav -- grav | Common/Grav.php in Grav before 1.6.23 has an Open Redirect. | 2020-04-04 | 5.8 | CVE-2020-11529 MISC MISC |
| greenbrowser -- greenbrowser | GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be susceptible to many different ways to get URL parsing and verification wrong, which allows an attacker to circumvent the access control. This problem has been patched in version 1.2. | 2020-04-08 | 4.3 | CVE-2020-11000 MISC CONFIRM |
| hcl -- appscan_standard_edition | HCL AppScan Standard is vulnerable to excessive authorization attempts | 2020-04-07 | 5 | CVE-2019-4393 MISC |
| hcl -- appscan_standard_edition | HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | 2020-04-07 | 6.4 | CVE-2019-4391 MISC |
| hms_networks -- ewon_flexy_and_cosy | A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful. | 2020-04-08 | 4.3 | CVE-2020-10633 MISC |
| ibm -- quality_manager | IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295. | 2020-04-08 | 4 | CVE-2019-4603 XF CONFIRM |
| ibm -- quality_manager | IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system. | 2020-04-08 | 4 | CVE-2019-4601 XF CONFIRM |
| ibm -- security_information_queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access. IBM X-Force ID: 176333. | 2020-04-08 | 5.5 | CVE-2020-4290 XF CONFIRM |
| ibm -- security_information_queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334. | 2020-04-08 | 4.3 | CVE-2020-4291 XF CONFIRM |
| ibm -- security_information_queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. X-Force ID: 176205. | 2020-04-08 | 4 | CVE-2020-4282 XF CONFIRM |
| ibm -- security_information_queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176207. | 2020-04-08 | 5 | CVE-2020-4284 XF CONFIRM |
| ibm -- security_information_queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 176332. | 2020-04-08 | 5 | CVE-2020-4289 XF CONFIRM |
| ibm -- security_information_queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system. IBM X-Force ID: 174400. | 2020-04-08 | 4 | CVE-2020-4164 XF CONFIRM |
| ibm -- spectrum_scale | IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977. | 2020-04-03 | 6.9 | CVE-2020-4273 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. | 2020-04-10 | 6.5 | CVE-2020-4362 XF CONFIRM |
| ixsystems -- freenas_and_truenas | An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent. | 2020-04-08 | 5 | CVE-2020-11650 MISC CONFIRM |
| jenkins -- jenkins | Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. | 2020-04-07 | 4.3 | CVE-2020-2174 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-04-07 | 4 | CVE-2020-2172 MLIST CONFIRM |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. | 2020-04-10 | 5 | CVE-2020-11669 MISC MISC MISC |
| linux -- linux_kernel | In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. | 2020-04-09 | 5 | CVE-2020-11668 MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. | 2020-04-06 | 4.6 | CVE-2020-11565 MISC MISC |
| linux -- linux_kernel | An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. | 2020-04-07 | 4.9 | CVE-2020-11609 MISC MISC MISC |
| logicaldoc -- logicaldoc | LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365. | 2020-04-08 | 5 | CVE-2020-10366 MISC MISC |
| malwarebytes -- adwcleaner | An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. | 2020-04-06 | 6.9 | CVE-2020-11507 CONFIRM |
| mediawiki -- mediawiki | In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS). | 2020-04-03 | 5 | CVE-2020-10960 CONFIRM CONFIRM |
| mh-wikibot -- mh-wikibot | MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1. | 2020-04-07 | 6.4 | CVE-2020-5302 MISC CONFIRM |
| mongodb -- mongodb | X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. | 2020-04-09 | 4 | CVE-2020-7922 MISC |
| nch_software -- express_invoice | In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. | 2020-04-07 | 6.5 | CVE-2020-11561 MISC MISC MISC |
| paessler -- prtg_network_monitor | PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm. | 2020-04-05 | 5 | CVE-2020-11547 MISC |
| palo_alto_networks -- secdo_for_windows | Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows. | 2020-04-08 | 4.9 | CVE-2020-1986 MISC |
| palo_alto_networks -- secdo_for_windows | Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows. | 2020-04-08 | 4.6 | CVE-2020-1985 MISC |
| perl-convert-asn1 -- perl-convert-asn1 | perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. | 2020-04-07 | 5 | CVE-2013-7488 MISC |
| plat’home -- easyblocks_ipv6 | Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier, and Enterprise Ver. 2.0.1 and earlier allows remote attackers to impersonate a registered user and log in the management console, that may result in information alteration/disclosure via unspecified vectors. | 2020-04-08 | 5.8 | CVE-2020-5550 MISC MISC MISC |
| plat’home -- easyblocks_ipv6 | Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2020-04-08 | 6.8 | CVE-2020-5549 MISC MISC MISC |
| primekey -- ejbca | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to the CA UI could exploit this to upload malicious scripts to the server. (Risks associated with this issue alone are negligible unless a malicious user already has gained access to the CA UI through other means, as a trusted user is already trusted to upload scripts by virtue of having access to the validator.) | 2020-04-08 | 6.5 | CVE-2020-11629 MISC |
| primekey -- ejbca | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. A Cross Site Request Forgery (CSRF) issue has been found in the CA UI. | 2020-04-08 | 6.8 | CVE-2020-11627 MISC |
| primekey -- ejbca | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross Side Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets. | 2020-04-08 | 4.3 | CVE-2020-11626 MISC |
| primekey -- ejbca | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA's internal access control restrictions are still in place, and each respective protocol must be configured to allow for enrollment.) | 2020-04-08 | 5 | CVE-2020-11628 MISC |
| primekey -- ejbca | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This is exploitable only when at least one accessible port lacks a requirement for client certificate authentication. These ports are 8442 or 8080 in a standard installation.) | 2020-04-08 | 4 | CVE-2020-11631 MISC |
| project_worlds – official_car_rental_system_1 | An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files. | 2020-04-06 | 6.5 | CVE-2020-11544 MISC |
| pulse_secure --pulse_connect_secure | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. | 2020-04-06 | 6.4 | CVE-2020-11580 MISC CONFIRM |
| red_hat --jboss_keycloak | A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. | 2020-04-06 | 5.8 | CVE-2020-1728 CONFIRM |
| revive-adserver -- revive_adserver | A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the “pwold” parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided. | 2020-04-03 | 4.6 | CVE-2020-8142 MISC MISC |
| revive-adserver -- revive_adserver | An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter. | 2020-04-03 | 5.8 | CVE-2020-8143 MISC MISC |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a NULL pointer exception in WifiService via adb-cmd, causing memory corruption. The Samsung ID is SVE-2017-8287 (June 2017). | 2020-04-07 | 5.8 | CVE-2017-18665 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is an arbitrary write in a trustlet. The Samsung ID is SVE-2017-8893 (August 2017). | 2020-04-07 | 5 | CVE-2017-18657 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) software. The S/MIME implementation in EAS uses DES (where 3DES is intended). The Samsung ID is SVE-2016-5871 (June 2016). | 2020-04-07 | 5 | CVE-2016-11043 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) software. Contact information can leak to a log file because of the broadcasting of an unprotected intent. The Samsung ID is SVE-2016-7180 (February 2017). | 2020-04-07 | 5 | CVE-2017-18686 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June 2017). | 2020-04-07 | 5 | CVE-2017-18668 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January 2017). | 2020-04-07 | 5 | CVE-2017-18694 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016). | 2020-04-07 | 5 | CVE-2016-11029 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is an Integer Overflow in process_M_SetTokenTUIPasswd during handling of a trusted application, leading to memory corruption. The Samsung IDs are SVE-2017-9008 and SVE-2017-9009 (October 2017). | 2020-04-07 | 5 | CVE-2017-18651 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-5110 (January 2016). | 2020-04-07 | 6.8 | CVE-2016-11052 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application's signature can be bypassed during installation. The Samsung ID is SVE-2016-5923 (June 2016). | 2020-04-07 | 4.6 | CVE-2016-11044 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017). | 2020-04-07 | 6.4 | CVE-2017-18648 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 (March 2018). | 2020-04-08 | 6.4 | CVE-2018-21081 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018). | 2020-04-08 | 4.6 | CVE-2018-21061 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6,x) and N(7.0) software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 (November 2017). | 2020-04-07 | 6.8 | CVE-2017-18647 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framework.jar. The Samsung ID is SVE-2017-8390 (May 2017). | 2020-04-07 | 4.9 | CVE-2017-18672 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets). A local graphics user can cause a Kernel Crash via the fb0(DECON) frame buffer interface. The Samsung ID is SVE-2016-7011 (October 2016). | 2020-04-07 | 4.9 | CVE-2016-11035 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. Because of an unprotected Intent, an attacker can reset the configuration of certain applications. The Samsung ID is SVE-2016-7142 (April 2017). | 2020-04-07 | 5 | CVE-2017-18677 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. An attacker can crash system processes via a Serializable object because of missing exception handling. The Samsung IDs are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SVE-2017-8119 (April 2017). | 2020-04-07 | 5 | CVE-2017-18678 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, or Exynos8895 chipsets) software. There is a race condition, with a resultant buffer overflow, in the sec_ts touchscreen sysfs interface. The Samsung ID is SVE-2016-7501 (January 2017). | 2020-04-07 | 6.8 | CVE-2017-18692 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016). | 2020-04-07 | 6.4 | CVE-2016-11049 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018). | 2020-04-08 | 6.8 | CVE-2018-21084 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) (Exynos7420 or Exynox8890 chipsets) software. The Camera application can leak uninitialized memory via ion. The Samsung ID is SVE-2016-6989 (April 2017). | 2020-04-07 | 5 | CVE-2017-18675 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can boot a device with root privileges because the bootloader for the Qualcomm MSM8998 chipset lacks an integrity check of the system image, aka the "SamFAIL" issue. The Samsung ID is SVE-2017-10465 (November 2017). | 2020-04-07 | 6.5 | CVE-2017-18649 MISC CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018). | 2020-04-08 | 6.8 | CVE-2018-21040 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. The Email application allows attackers to send emails on behalf of any user via a broadcasted intent. The Samsung ID is SVE-2017-9357 (September 2017). | 2020-04-07 | 4 | CVE-2017-18653 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos5433, Exynos7420, or Exynos7870 chipsets) software. An attacker can bypass a ko (aka Kernel Module) signature by modifying the count of kernel modules. The Samsung ID is SVE-2016-7466 (January 2017). | 2020-04-07 | 4.3 | CVE-2017-18689 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. The ACIPC-MSOCKET driver allows local privilege escalation via a stack-based buffer overflow. The Samsung ID is SVE-2016-5393 (April 2016). | 2020-04-07 | 4.6 | CVE-2016-11047 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018). | 2020-04-08 | 6.8 | CVE-2018-21086 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Notification exposure occurs in Lockdown mode because of the Edge Lighting application. The Samsung ID is SVE-2020-16680 (April 2020). | 2020-04-08 | 5 | CVE-2020-11607 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018). | 2020-04-08 | 5 | CVE-2018-21078 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can prevent users from learning that SMS storage space has been exhausted. The Samsung ID is SVE-2017-8702 (June 2017). | 2020-04-07 | 5 | CVE-2017-18667 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017). | 2020-04-07 | 5 | CVE-2017-18669 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020). | 2020-04-08 | 5 | CVE-2020-11605 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Intents related to Wi-Fi have incorrect exception handling, leading to a crash of system processes. The Samsung ID is SVE-2017-8389 (May 2017). | 2020-04-07 | 5 | CVE-2017-18671 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018). | 2020-04-08 | 6.8 | CVE-2018-21085 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The Samsung ID is SVE-2017-11106 (February 2018). | 2020-04-08 | 4.6 | CVE-2018-21082 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm chipsets) software. There is an RKP kernel protection bypass (in which unwanted memory mappings may occur) because of a lack of MSR trapping. The Samsung ID is SVE-2016-7901 (April 2017). | 2020-04-07 | 5 | CVE-2017-18676 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is information disclosure of the kbase_context address of a GPU memory node. The Samsung ID is SVE-2017-8907 (December 2017). | 2020-04-08 | 5 | CVE-2017-18643 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Factory Reset Protection (FRP) bypass via the voice assistant because Internet access begins before the Setup Wizard finishes. The Samsung ID is SVE-2018-12894 (November 2018). | 2020-04-08 | 5 | CVE-2018-21047 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 (January 2017). | 2020-04-07 | 5 | CVE-2017-18687 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.0) software. There is an information disclosure (of memory locations outside a buffer) via /dev/dsm_ctrl_dev. The Samsung ID is SVE-2016-7340 (January 2017). | 2020-04-07 | 5 | CVE-2017-18688 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) software. Access to Gallery in the Secure Folder can occur without authentication. The Samsung ID is SVE-2018-13057 (December 2018). | 2020-04-08 | 5 | CVE-2018-21041 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software. There is information disclosure (of kernel stack memory) in a MediaTek driver. The Samsung ID is SVE-2018-11852 (July 2018). | 2020-04-08 | 5 | CVE-2018-21069 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard content visibility in the locked state via the emergency contact picker. The Samsung ID is SVE-2018-11806 (September 2018). | 2020-04-08 | 5 | CVE-2018-21059 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is a Keyboard learned words leak in the locked state via the emergency contact picker. The Samsung IDs are SVE-2018-11989, SVE-2018-11990 (September 2018). | 2020-04-08 | 5 | CVE-2018-21060 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) software. There is an information disclosure in a Trustlet because an address is logged. The Samsung ID is SVE-2018-11600 (July 2018). | 2020-04-08 | 5 | CVE-2018-21067 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allow memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016). | 2020-04-07 | 6.8 | CVE-2016-11045 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. android.intent.action.SIOP_LEVEL_CHANGED allows a serializable intent reboot. The Samsung ID is SVE-2017-8363 (May 2017). | 2020-04-07 | 5 | CVE-2017-18670 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016). | 2020-04-07 | 6.8 | CVE-2016-11030 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. Data outside of the rkp log buffer boundary is read, causing an information leak. The Samsung ID is SVE-2017-9109 (July 2017). | 2020-04-07 | 5 | CVE-2017-18662 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) software. The multiwindow_facade API allows attackers to cause a NullPointerException and system halt via an attempted screen touch of a non-existing display. The Samsung ID is SVE-2017-9383 (August 2017). | 2020-04-07 | 5 | CVE-2017-18658 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018). | 2020-04-08 | 5 | CVE-2018-21039 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. There is a NULL pointer exception in PersonManager, causing memory corruption. The Samsung ID is SVE-2017-8286 (June 2017). | 2020-04-07 | 5 | CVE-2017-18664 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) software. Because of missing Intent exception handling, system_server can have a NullPointerException with a crash of a system process. The Samsung IDs are SVE-2017-9122, SVE-2017-9123, SVE-2017-9124, and SVE-2017-9126 (July 2017). | 2020-04-07 | 5 | CVE-2017-18663 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The Samsung ID is SVE-2017-11175 (February 2018). | 2020-04-08 | 5 | CVE-2018-21083 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 (July 2017). | 2020-04-07 | 5 | CVE-2017-18659 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant.conf is read. The Samsung ID is SVE-2017-9828 (October 2017). | 2020-04-07 | 5 | CVE-2017-18650 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016). | 2020-04-07 | 5 | CVE-2016-11042 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0, 7.1) software. An unauthenticated attacker can register a new security certificate. The Samsung ID is SVE-2017-9659 (September 2017). | 2020-04-07 | 5 | CVE-2017-18654 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016). | 2020-04-07 | 5 | CVE-2016-11032 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Applications can send arbitrary premium SMS messages. The Samsung ID is SVE-2017-8701 (June 2017). | 2020-04-07 | 5 | CVE-2017-18666 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. Because of a misused whitelist, attackers can reach the radio layer (aka RIL or RILD) to place calls or send SMS messages. The Samsung ID is SVE-2016-5733 (May 2016). | 2020-04-07 | 5 | CVE-2016-11046 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer over-read in a trustlet. The Samsung ID is SVE-2017-8890 (August 2017). | 2020-04-07 | 5 | CVE-2017-18656 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018). | 2020-04-08 | 5 | CVE-2018-21079 CONFIRM |
| samsung --multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. There is an Out-of-bounds read in the MLDAP Trustlet. The Samsung ID is SVE-2019-16565 (April 2020). | 2020-04-08 | 6.4 | CVE-2020-11604 CONFIRM |
| sds -- sds | sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'. | 2020-04-07 | 5 | CVE-2020-7618 MISC MISC |
| solarwinds -- dameware | Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange. | 2020-04-07 | 4.3 | CVE-2020-5734 MISC |
| sqlite -- sqlite | SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | 2020-04-09 | 5 | CVE-2020-11655 MISC MISC |
| stmicroelectronics -- stm32f1_devices | STMicroelectronics STM32F1 devices have Incorrect Access Control. | 2020-04-06 | 5 | CVE-2020-8004 MISC |
suse -- linux_enterprise_server_12_autoyast2_and_linux_enterprise_server_15_autoyast2 | A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions. | 2020-04-03 | 4.3 | CVE-2019-18905 CONFIRM |
| suse -- multiple_products | A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1. | 2020-04-03 | 5 | CVE-2019-18904 CONFIRM |
symantec -- data_center_security_manager_component | Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2020-04-06 | 4.6 | CVE-2020-5832 MISC |
| testlink -- testlink | An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application. | 2020-04-03 | 6.5 | CVE-2020-8639 MISC CONFIRM |
| universal_robotics -- control_box_devices | Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property. | 2020-04-06 | 5 | CVE-2020-10267 CONFIRM |
| universal_robots -- cb3_sw_and_e-series_sw_robot_controllers | CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible | 2020-04-06 | 5.8 | CVE-2020-10264 CONFIRM |
| universal_robots -- universal_robots+ | UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand. | 2020-04-06 | 6.8 | CVE-2020-10266 CONFIRM |
| varnish-cache -- varnish_cache | An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. | 2020-04-08 | 5 | CVE-2019-20637 MISC |
| varnish-cache -- varnish_cache | An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. | 2020-04-08 | 5 | CVE-2020-11653 MISC |
| visam -- vbase_editor_and_vbase_web-remote_module | VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface. | 2020-04-03 | 5 | CVE-2020-7000 MISC |
| visam -- vbase_editor_and_vbase_web-remote_module | VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources. | 2020-04-03 | 5 | CVE-2020-7008 MISC |
| visam -- vbase_editor_and_vbase_web-remote_module | VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash. | 2020-04-03 | 4.6 | CVE-2020-10601 MISC |
| vmware -- vmware_director_service | Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. | 2020-04-10 | 6.8 | CVE-2020-3952 MISC |
| wordpress -- wordpress | An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page). | 2020-04-07 | 4 | CVE-2020-9514 MISC MISC |
| wordpress -- wordpress | An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page). | 2020-04-07 | 4.3 | CVE-2020-11509 MISC |
| wordpress -- wordpress | includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. | 2020-04-03 | 4.3 | CVE-2019-17231 MISC |
| wordpress -- wordpress | The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI). | 2020-04-07 | 5.8 | CVE-2020-11515 MISC MISC MISC |
| wordpress -- wordpress | includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. | 2020-04-03 | 5 | CVE-2019-17230 MISC |
| xdlocalstorage -- xdlocalstorage | An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and receive the messages that the "magical iframe" sends. | 2020-04-07 | 6.8 | CVE-2020-11610 MISC MISC |
| xdlocalstorage -- xdlocalstorage | An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages. | 2020-04-07 | 5.8 | CVE-2015-9544 MISC MISC MISC MISC |
| xdlocalstorage -- xdlocalstorage | An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages. | 2020-04-07 | 5.8 | CVE-2015-9545 MISC MISC MISC MISC |
| xdlocalstorage -- xdlocalstorage | An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages that the client sends. | 2020-04-07 | 5.8 | CVE-2020-11611 MISC MISC |
| zhejiang_dahua_technology -- multiple_products | Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down. | 2020-04-09 | 5 | CVE-2020-9500 MISC |
| zoho -- manageengine_opmanager | In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. | 2020-04-04 | 5 | CVE-2020-11527 MISC |
| zoom -- client_for_meetings | Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key. | 2020-04-03 | 5 | CVE-2020-11500 MISC MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| castle_rock_computing -- snmpc_online | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities. | 2020-04-09 | 3.5 | CVE-2020-11556 MISC |
| fortinet -- fortiadc | An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. | 2020-04-07 | 3.5 | CVE-2020-6647 MISC |
| gitlab -- gitlab_enterprise_and_community_editions | GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. | 2020-04-08 | 2.1 | CVE-2020-10977 CONFIRM MISC |
| ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172707. | 2020-04-08 | 3.5 | CVE-2019-4737 XF CONFIRM |
| ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172808. | 2020-04-08 | 3.5 | CVE-2019-4740 XF CONFIRM |
| ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172885. | 2020-04-08 | 3.5 | CVE-2019-4746 XF CONFIRM |
| ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175490. | 2020-04-08 | 3.5 | CVE-2020-4252 XF CONFIRM |
| ibm -- quality_manager | IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168293. | 2020-04-08 | 3.5 | CVE-2019-4602 XF CONFIRM |
| ivanti -- workspace_control | Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). | 2020-04-04 | 2.1 | CVE-2020-11533 MISC |
jenkins -- jenkins | Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin. | 2020-04-07 | 3.5 | CVE-2020-2175 MLIST CONFIRM |
| jenkins -- jenkins | Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content. | 2020-04-07 | 3.5 | CVE-2020-2173 MLIST CONFIRM |
| jenkins -- jenkins | Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service. | 2020-04-07 | 3.5 | CVE-2020-2176 MLIST CONFIRM |
| juniper_networks -- junos_os | A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1. | 2020-04-08 | 2.1 | CVE-2020-1623 CONFIRM |
| juniper_networks -- junos_os | A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1. | 2020-04-08 | 2.1 | CVE-2020-1624 CONFIRM |
| juniper_networks -- junos_os | A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1. | 2020-04-08 | 2.1 | CVE-2020-1621 CONFIRM |
| juniper_networks -- junos_os | A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1. | 2020-04-08 | 2.1 | CVE-2020-1620 CONFIRM |
| juniper_networks -- junos_os | A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1. | 2020-04-08 | 2.1 | CVE-2020-1622 CONFIRM |
| linux -- linux_kernel | The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. | 2020-04-10 | 2.1 | CVE-2020-8832 MISC UBUNTU |
| linux -- linux_kernel | A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. | 2020-04-08 | 2.3 | CVE-2020-2732 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. | 2020-04-07 | 2.1 | CVE-2020-11608 MISC MISC MISC |
| nch_software -- express_invoice | NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file. | 2020-04-07 | 2.1 | CVE-2020-11560 MISC MISC |
| ory -- hydra | In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not check the uniqueness of this `jti` value. Exploiting this vulnerability is somewhat difficult because: - TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks - The expiry time of the JWT gives only a short window of opportunity where it could be replayed This has been patched in version v1.4.0+oryOS.17 | 2020-04-06 | 3.5 | CVE-2020-5300 MISC MISC CONFIRM |
| palo_alto_networks -- global_protect_agent | An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1. | 2020-04-08 | 2.1 | CVE-2020-1987 MISC |
| palo_alto_networks -- traps | An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS. | 2020-04-08 | 3.6 | CVE-2020-1991 MISC |
| palo_alto_networks -- vm_series_for_microsoft_azure_platform | TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in Azure. A user with the credentials will be able to manage all the Azure resources in the subscription except for granting access to other resources. These credentials do not allow login access to the VMs themselves. This issue affects VM Series Plugin versions before 1.0.9 for PAN-OS 9.0. This issue does not affect VM Series in non-HA configurations or on other cloud platforms. It does not affect hardware firewall appliances. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the tech support files with the credentials. We now filter and remove these credentials from all TechSupport files sent to us. The TechSupport files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials. | 2020-04-08 | 1.9 | CVE-2020-1978 MISC |
| pulse_secure -- pulse_connect_secure | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.) | 2020-04-06 | 3.3 | CVE-2020-11582 MISC CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018). | 2020-04-08 | 2.1 | CVE-2018-21053 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018). | 2020-04-08 | 2.1 | CVE-2018-21074 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018). | 2020-04-08 | 2.1 | CVE-2018-21076 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017). | 2020-04-07 | 3.5 | CVE-2017-18695 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016). | 2020-04-07 | 2.1 | CVE-2016-11050 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018). | 2020-04-08 | 2.1 | CVE-2018-21068 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 (March 2017). | 2020-04-07 | 3.6 | CVE-2017-18680 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with Q(10.0) software. Information about application preview (in the Secure Folder) leaks on a locked device. The Samsung ID is SVE-2019-16463 (April 2020). | 2020-04-08 | 2.1 | CVE-2020-11606 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018). | 2020-04-08 | 2.1 | CVE-2018-21077 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018). | 2020-04-08 | 2.1 | CVE-2018-21080 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018). | 2020-04-08 | 2.1 | CVE-2018-21073 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Google Assistant leaks clipboard contents on a locked device. The Samsung ID is SVE-2019-16558 (April 2020). | 2020-04-08 | 2.1 | CVE-2020-11602 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016). | 2020-04-07 | 2.1 | CVE-2016-11027 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018). | 2020-04-08 | 3.3 | CVE-2018-21092 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017). | 2020-04-07 | 2.1 | CVE-2017-18673 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is SVE-2019-16195 (April 2020). | 2020-04-08 | 2.1 | CVE-2020-11601 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016). | 2020-04-07 | 2.1 | CVE-2016-11041 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (June 2016). | 2020-04-07 | 2.1 | CVE-2016-11040 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018). | 2020-04-08 | 2.1 | CVE-2018-21043 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018). | 2020-04-08 | 2.1 | CVE-2018-21048 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) software. There is clipboard Data Exposure via the Emergency Dialer upon connecting a USB device. The Samsung ID is SVE-2018-12911 (November 2018). | 2020-04-08 | 2.1 | CVE-2018-21046 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard access in the lockscreen state via a copy-and-paste action. The Samsung ID is SVE-2018-13381 (December 2018). | 2020-04-08 | 2.1 | CVE-2018-21045 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018). | 2020-04-08 | 2.1 | CVE-2018-21056 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017). | 2020-04-08 | 2.1 | CVE-2017-18646 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016). | 2020-04-07 | 2.1 | CVE-2016-11053 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016). | 2020-04-07 | 2.1 | CVE-2016-11048 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018). | 2020-04-08 | 2.1 | CVE-2018-21062 CONFIRM |
| viewvc -- viewvc | ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28. | 2020-04-03 | 2.1 | CVE-2020-5283 MISC MISC CONFIRM |
| wordpress -- wordpress | Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. If an administrator creates or modifies a contact form, the JavaScript will be executed in their browser, which can then be used to create new administrative users or perform other actions using the administrator's session. | 2020-04-07 | 3.5 | CVE-2020-11516 MISC |
| wordpress -- wordpress | Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. This could be used to create new administrator-level accounts. | 2020-04-07 | 3.5 | CVE-2020-11512 MISC MISC |
| wordpress -- wordpress | An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action. | 2020-04-07 | 3.5 | CVE-2020-11508 MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| broadcom -- advanced_secure_gateway | The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. | 2020-04-10 | not yet calculated | CVE-2019-18375 MISC |
| d-link -- dsl_gs225_j1_devices | D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. The CLI is reachable by TELNET. | 2020-04-10 | not yet calculated | CVE-2020-6765 CONFIRM |
| dell -- emc_networking_x-series_devices | Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints. | 2020-04-10 | not yet calculated | CVE-2020-5330 MISC |
| dropwizard -- dropwizard | dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions. | 2020-04-10 | not yet calculated | CVE-2020-11002 MISC MISC MISC MISC MISC CONFIRM MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). | 2020-04-07 | not yet calculated | CVE-2020-11619 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | 2020-04-07 | not yet calculated | CVE-2020-11620 MISC MISC |
| huawei -- mate_30_pro_and_mate_30_smartphones | There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2). | 2020-04-10 | not yet calculated | CVE-2020-1801 MISC |
| huawei -- multiple_osca-550_series_devices | There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB.Affected product versions include:OSCA-550 versions 1.0.1.23(SP2);OSCA-550A versions 1.0.1.23(SP2);OSCA-550AX versions 1.0.1.23(SP2);OSCA-550X versions 1.0.1.23(SP2). | 2020-04-10 | not yet calculated | CVE-2020-1802 MISC |
| jetbrains -- pycharm | In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. | 2020-04-10 | not yet calculated | CVE-2020-11694 MISC MISC |
| juniper_networks -- ex_and_qfx_series_devices | On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “request system zeroize”; or • A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3. | 2020-04-08 | not yet calculated | CVE-2020-1618 CONFIRM |
| juniper_networks -- high-end_srx_series_devices | On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue affects: Juniper Networks Junos OS 12.3X48 version 12.3X48-D80 and later versions prior to 12.3X48-D95 on High-End SRX Series. This issue does not affect Branch SRX Series devices. | 2020-04-08 | not yet calculated | CVE-2020-1634 MISC |
| juniper_networks -- jatp_and_vjatp | Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. | 2020-04-08 | not yet calculated | CVE-2020-1616 MISC |
| juniper_networks -- junos_os | When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67. | 2020-04-08 | not yet calculated | CVE-2020-1639 MISC |
juniper_networks -- junos_os | A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.2 version 17.2R2 and later versions; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D410, 18.2X75-D420, 18.2X75-D50, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S2, 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to version 16.1R1. | 2020-04-08 | not yet calculated | CVE-2020-1629 CONFIRM |
| juniper_networks -- junos_os | A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This issue does not affect Junos OS device with single RE or stand-alone configuration. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S14; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R4-S13, 16.1R7-S6; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3-S1; 18.2 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D420, 18.2X75-D60, 18.2X75-D411; 18.3 versions prior to 18.3R1-S5, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S4, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S2, 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2. | 2020-04-08 | not yet calculated | CVE-2020-1630 CONFIRM |
| juniper_networks -- junos_os | Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. This issue only affects Junos OS 17.4 and later releases. Prior releases do not support this feature and are unaffected by this vulnerability. This issue only affects IPv6. IPv4 ARP proxy is unaffected by this vulnerability. This issue affects Juniper Networks Junos OS: 17.4 versions prior to 17.4R2-S9, 17.4R3 on MX Series; 18.1 versions prior to 18.1R3-S9 on MX Series; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on MX Series; 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60 on MX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3 on MX Series; 18.4 versions prior to 18.4R1-S5, 18.4R2-S2, 18.4R3 on MX Series; 19.1 versions prior to 19.1R1-S4, 19.1R2 on MX Series; 19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series. | 2020-04-09 | not yet calculated | CVE-2020-1633 CONFIRM |
| juniper_networks -- junos_os | Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D53 on EX4300; 15.1 versions prior to 15.1R7-S6 on EX4300; 15.1X49 versions prior to 15.1X49-D200, 15.1X49-D210 on EX4300; 16.1 versions prior to 16.1R7-S7 on EX4300; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on EX4300; 17.2 versions prior to 17.2R3-S3 on EX4300; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on EX4300; 17.4 versions prior to 17.4R2-S9, 17.4R3 on EX4300; 18.1 versions prior to 18.1R3-S8 on EX4300; 18.2 versions prior to 18.2R3-S2 on EX4300; 18.3 versions prior to 18.3R2-S3, 18.3R3, 18.3R3-S1 on EX4300; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300; 19.1 versions prior to 19.1R1-S4, 19.1R2 on EX4300; 19.2 versions prior to 19.2R1-S4, 19.2R2 on EX4300; 19.3 versions prior to 19.3R1-S1, 19.3R2 on EX4300. | 2020-04-08 | not yet calculated | CVE-2020-1628 CONFIRM |
| juniper_networks -- junos_os | This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). Devices using AFI and AFT are not exploitable to this issue. An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. This first genuine packet received and inspected by sampled flow (sFlow) through a specific firewall policer will cause the device to reboot. After the reboot has completed, if the device receives and sFlow inspects another genuine packet seen through a specific firewall policer, the device will generate a core file and reboot. Continued inspection of these genuine packets will create an extended Denial of Service (DoS) condition. Depending on the method for service restoration, e.g. hard boot or soft reboot, a core file may or may not be generated the next time the packet is received and inspected by sFlow. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S9, 17.4R3 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.1 versions prior to 18.1R3-S9 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.2 versions prior to 18.2R3 on PTX1000 and PTX10000 Series, QFX10000 Series; 18.3 versions prior to 18.3R3 on PTX1000 and PTX10000 Series, QFX10000 Series. This issue is not applicable to Junos OS versions before 17.4R1. This issue is not applicable to Junos OS Evolved or Junos OS with Advanced Forwarding Toolkit (AFT) forwarding implementations which use a different implementation of sFlow. The following example information is unrelated to this issue and is provided solely to assist you with determining if you have AFT or not. Example: A Junos OS device which supports the use of EVPN signaled VPWS with Flexible Cross Connect uses the AFT implementation. Since this configuration requires support and use of the AFT implementation to support this configuration, the device is not vulnerable to this issue as the sFlow implementation is different using the AFT architecture. For further details about AFT visit the AFI / AFT are in the links below. If you are uncertain if you use the AFI/AFT implementation or not, there are configuration examples in the links below which you may use to determine if you are vulnerable to this issue or not. If the commands work, you are. If not, you are not. You may also use the Feature Explorer to determine if AFI/AFT is supported or not. If you are still uncertain, please contact your support resources. | 2020-04-08 | not yet calculated | CVE-2020-1617 MISC MISC MISC |
| juniper_networks -- junos_os | The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Usage of "temp" virtual memory, shown here by a constantly increasing value of outstanding Requests, can be monitored by executing the 'show system virtual-memory' command as shown below: user@junos> show system virtual-memory |match "fpc|type|temp" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 10551 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6460 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos> show system virtual-memory |match "fpc|type|temp" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 16101 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6665 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos> show system virtual-memory |match "fpc|type|temp" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 21867 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6858 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2. This issue does not affect Juniper Networks Junos OS 12.3 and 15.1. | 2020-04-08 | not yet calculated | CVE-2020-1625 CONFIRM |
| juniper_networks -- junos_os | The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue affects Juniper Networks Junos OS: 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX; 17.2 versions prior to 17.2R3-S3 on vMX; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX; 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX; 18.1 versions prior to 18.1R3-S9 on vMX; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX; 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX; 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX; 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX. | 2020-04-08 | not yet calculated | CVE-2020-1615 CONFIRM |
| juniper_networks -- junos_os | A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. This specific BGP FlowSpec advertisement received from a BGP peer might get propagated from a Junos OS device running the fixed release to another device that is vulnerable causing BGP session termination downstream. This issue affects IPv4 and IPv6 BGP FlowSpec deployment. This issue affects Juniper Networks Junos OS: 12.3; 12.3X48 on SRX Series; 14.1X53 on EX and QFX Series; 15.1 versions prior to 15.1R7-S5; 15.1F versions prior to 15.1F6-S13; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D497 on NFX Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3; 17.2 versions prior to 17.2R2-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R1-S8, 17.4R2; 18.1 versions prior to 18.1R2-S4, 18.1R3; 18.2X75 versions prior to 18.2X75-D20. | 2020-04-08 | not yet calculated | CVE-2020-1613 CONFIRM |
| juniper_networks -- junos_os_and_junos_os_evolved | The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the FPC restart. When this issue occurs, all traffic via the FPC will be dropped. By continuously sending this specific IPv4 packet, an attacker can repeatedly crash the FPC, causing an extended Denial of Service (DoS) condition. This issue can only occur when processing a specific IPv4 packet. IPv6 packets cannot trigger this issue. This issue affects: Juniper Networks Junos OS on MX Series with MPC10E or MPC11E and PTX10001: 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. Juniper Networks Junos OS Evolved on on QFX5220, and PTX10003 series: 19.2-EVO versions; 19.3-EVO versions; 19.4-EVO versions prior to 19.4R2-EVO. This issue does not affect Junos OS versions prior to 19.2R1. This issue does not affect Junos OS Evolved versions prior to 19.2R1-EVO. | 2020-04-08 | not yet calculated | CVE-2020-1638 CONFIRM |
| juniper_networks -- junos_os_evolved | A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO. | 2020-04-08 | not yet calculated | CVE-2020-1626 CONFIRM MISC |
| juniper_networks -- multiple_devices | A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX Series with NG-RE and PTX Series with NG-RE; which uses vmhost. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S4; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. To identify whether the device has NG-RE with vmhost, customer can run the following command: > show vmhost status Compute cluster: rainier-re-cc Compute Node: rainier-re-cn, Online If the "show vmhost status" is not supported, then the device does not have NG-RE with vmhost. | 2020-04-08 | not yet calculated | CVE-2020-1619 CONFIRM |
| juniper_networks -- nfx250_series_vsrx_vnf | A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1. | 2020-04-08 | not yet calculated | CVE-2020-1614 MISC MISC |
| juniper_networks -- srx_series_devices | A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Workaround section for more detail. The Junos OS Enforcer CLI settings are disabled by default. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D100; 15.1X49 versions prior to 15.1X49-D210; 17.3 versions prior to 17.3R2-S5, 17.3R3-S8; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2-S1, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. | 2020-04-08 | not yet calculated | CVE-2020-1637 CONFIRM |
| juniper_networks -- vmx_and_mx150_devices | A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending the same specific packets, an attacker can repeatedly crash the riot process causing a sustained Denial of Service. Flow cache is specific to vMX based products and the MX150, and is enabled by default in performance mode. This issue can only be triggered by traffic destined to the device. Transit traffic will not cause the riot daemon to crash. When the issue occurs, a core dump and riot log file entry are generated. For example: /var/crash/core.J-UKERN.mpc0.1557255993.3864.gz /home/pfe/RIOT logs: fpc0 riot[1888]: PANIC in lu_reorder_send_packet_postproc(): fpc0 riot[6655]: PANIC in lu_reorder_send_packet_postproc(): This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3 on vMX and MX150; 18.2 versions prior to 18.2R3 on vMX and MX150; 18.2X75 versions prior to 18.2X75-D60 on vMX and MX150; 18.3 versions prior to 18.3R3 on vMX and MX150; 18.4 versions prior to 18.4R2 on vMX and MX150; 19.1 versions prior to 19.1R2 on vMX and MX150. This issue does not affect Junos OS versions prior to 18.1R1. | 2020-04-08 | not yet calculated | CVE-2020-1627 CONFIRM |
| linux -- linux_kernel | KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()") 7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm") 009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file") | 2020-04-09 | not yet calculated | CVE-2020-8834 CONFIRM UBUNTU CONFIRM |
| periscope -- buyspeed | Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization and is executed in the browser of the user, which could possibly cause website redirection, session hijacking, or information disclosure. This vulnerability has been patched in BuySpeed version 15.3. | 2020-04-10 | not yet calculated | CVE-2020-9056 CERT-VN MISC |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015). | 2020-04-10 | not yet calculated | CVE-2015-8546 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is "Unhandled exception in Dalvik VM," "Application not responding ANR event," or "Crash on an application's native code." The Samsung ID is SVE-2015-2885 (October 2015). | 2020-04-10 | not yet calculated | CVE-2015-9547 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted file path. The Samsung ID is SVE-2015-4363 (November 2015). | 2020-04-10 | not yet calculated | CVE-2015-9546 CONFIRM |
| samsung -- multiple_mobile_devices | An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 (December 2015). | 2020-04-10 | not yet calculated | CVE-2015-5524 CONFIRM |
| tendermint -- tendermint | Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated (due to duplicate IP or reaching a maximum number of inbound peers), temporary memory spikes can lead to OOM (Out-Of-Memory) exceptions. Additionally, Tendermint does not reclaim `activeID` of a peer after it's removed in Mempool reactor. This does not happen all the time. It only happens when a connection fails (for any reason) before the Peer is created and added to all reactors. RemovePeer is therefore called before `AddPeer`, which leads to always growing memory (`activeIDs` map). The activeIDs map has a maximum size of 65535 and the node will panic if this map reaches the maximum. An attacker can create a lot of connection attempts (exploiting above denial of service), which ultimately will lead to the node panicking. These issues are patched in Tendermint 0.33.3 and 0.32.10. ### For more information If you have any questions or comments about this advisory: * Open an issue in tendermint/tendermint * Email us at [security@tendermint.com](mailto:security@tendermint.com) More information can be found here. ### Credits - Ethan Buchman (@ebuchman) for writing a test case for Denial of Service 2 and Tess Rinearson (@tessr) for fixing it - Anton Kaliaev (@melekes) for fixing Denial of Service 1 | 2020-04-10 | not yet calculated | CVE-2020-5303 MISC CONFIRM MISC |
| wireshark -- wireshark | In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. | 2020-04-10 | not yet calculated | CVE-2020-11647 MISC MISC MISC |
| wmware -- tanzu_application_service_for_vms | VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling. | 2020-04-10 | not yet calculated | CVE-2020-5406 CONFIRM |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.