6/1 Working VB LOW And SEVERITY NOT ASSIGNED Tables

Released: Jun 01, 2020
Document ID: SB20-153

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| grafana -- grafana | legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option. | 2020-05-24 | 3.5 | CVE-2020-13429 (MISC, MISC) |
| verbb -- image_resizer | An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action. | 2020-05-25 | 3.5 | CVE-2020-13459 (MISC) |
| wordpress -- wordpress | The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI. | 2020-05-26 | 3.5 | CVE-2020-13487 (MISC, MISC, MISC, MISC) |
| wordpress -- wordpress | An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion. | 2020-05-28 | 3.5 | CVE-2020-13644 (MISC, MISC) |
| cmsmadesimple -- cms_made_simple | CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. | 2020-05-28 | 3.5 | CVE-2020-13660 (MISC, MISC) |
| ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735. | 2020-05-29 | 3.5 | CVE-2020-4306 (XF, CONFIRM) |
| ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762. | 2020-05-27 | 3.5 | CVE-2020-4358 (XF, CONFIRM) |
| ibm -- jazz_reporting_service | IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180071. | 2020-05-28 | 3.5 | CVE-2020-4419 (XF, CONFIRM) |
| ocproducts -- composr | Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. | 2020-05-22 | 3.5 | CVE-2020-8789 (MISC, FULLDISC) |
| centreon -- centreon | Centreon before 19.10.7 exposes Session IDs in server responses. | 2020-05-27 | 3.3 | CVE-2020-10945 (MISC) |
| dell -- client_consumer_and_commercial_docking_stations | Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. | 2020-05-28 | 2.6 | CVE-2020-5357 (MISC) |
| mozilla -- multiple_products | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | 2020-05-26 | 2.1 | CVE-2020-12392 (MISC, MISC, MISC, MISC) |
| mozilla -- firefox | A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76. | 2020-05-26 | 2.1 | CVE-2020-12394 (MISC, MISC) |
| qemu -- qemu | sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. | 2020-05-27 | 2.1 | CVE-2020-13253 (CONFIRM, CONFIRM, MISC) |
| qemu -- qemu | In QEMU 4.2.0, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. | 2020-05-28 | 2.1 | CVE-2020-13361 (CONFIRM, MISC) |
| qemu -- qemu | In QEMU 4.2.0, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. | 2020-05-28 | 2.1 | CVE-2020-13362 (CONFIRM, MISC, MISC) |
| freerdp -- freerdp | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. | 2020-05-22 | 2.1 | CVE-2020-13396 (MISC, MISC, MISC) |
| freerdp -- freerdp | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | 2020-05-22 | 2.1 | CVE-2020-13397 (MISC, MISC, MISC) |
| freerdp -- freerdp | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | 2020-05-22 | 2.1 | CVE-2020-13398 (MISC, MISC, MISC) |
| huawei -- p30_smartphones | HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user to do certain operation which is beyond the guest user's privilege. | 2020-05-29 | 2.1 | CVE-2020-1798 (CONFIRM) |
| cisco -- endpoints_linux_connector_software_and_endpoints_mac_connector_software | A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. | 2020-05-22 | 2.1 | CVE-2020-3343 (CISCO) |
| cisco -- endpoints_linux_connector_software_and_endpoints_mac_connector_software | A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. | 2020-05-22 | 2.1 | CVE-2020-3344 (CISCO) |
| netqmail -- netqmail | qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first. | 2020-05-26 | 2.1 | CVE-2020-3812 (CONFIRM, MISC, CONFIRM) |
| android -- mailwise | Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors. | 2020-05-29 | 2.1 | CVE-2020-5572 (MISC, MISC) |
| android -- kintone_mobile | Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors. | 2020-05-29 | 2.1 | CVE-2020-5573 (MISC, MISC) |


 

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| red_hat -- mkhomedir | A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink pointing to a target folder, which then has its ownership transferred to the new home directory's unprivileged user. | 2020-05-27 | not yet calculated | CVE-2020-10737 (CONFIRM, CONFIRM) |
| linux -- linux_kernel | A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. | 2020-05-26 | not yet calculated | CVE-2020-10751 (MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM) |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11019 (CONFIRM) |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11038 (CONFIRM) |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11039 (CONFIRM) |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11040 (CONFIRM) |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11041 (CONFIRM) |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11043 (CONFIRM) |
| anchore -- engine | In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engine analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to 'root' then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1. | 2020-05-27 | not yet calculated | CVE-2020-11075 (MISC, MISC, MISC, CONFIRM) |
| freerdp -- freerdp | In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11085 (MISC, CONFIRM) |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11086 (MISC, CONFIRM) |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11087 (MISC, CONFIRM) |
| freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11088 (MISC, CONFIRM) |
| freerdp -- freerdp | In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11089 (MISC, MISC, CONFIRM) |
| micro_focus -- service_management_automation | There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation. | 2020-05-29 | not yet calculated | CVE-2020-11844 (CONFIRM) |
| vivotek -- network_cameras | testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices. | 2020-05-28 | not yet calculated | CVE-2020-11949 (CONFIRM) |
| vivotek -- network_cameras | VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices. | 2020-05-28 | not yet calculated | CVE-2020-11950 (CONFIRM) |
| swarcos -- cpu_ls4000 | An open port used for debugging in SWARCO's CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. | 2020-05-29 | not yet calculated | CVE-2020-12493 (CONFIRM) |
| smartdraw_llc -- smartdraw_2020 | In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine. | 2020-05-27 | not yet calculated | CVE-2020-13386 (MISC) |
| huawei -- mate_20_smartphones | HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user to break the limit of digital balance function. | 2020-05-29 | not yet calculated | CVE-2020-1797 (CONFIRM) |
| huawei -- mate_10_smartphones | HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker to read certain files without unlocking the phone leading to information disclosure. | 2020-05-29 | not yet calculated | CVE-2020-1809 (CONFIRM) |
| huawei -- mate_20_smartphones | HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user to break the limit of digital balance function after a series of operations with a PC. | 2020-05-29 | not yet calculated | CVE-2020-1831 (CONFIRM) |
| huawei -- e6878-370_products | E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message, successful exploit could lead to stack buffer overflow which may cause malicious code execution. | 2020-05-29 | not yet calculated | CVE-2020-1832 (CONFIRM) |
| huawei -- honor_9x_smartphones | Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability. A logic error occurs when handling clock function, an attacker should do a series of crafted operations quickly before the phone is unlocked, successful exploit could allow the attacker to access clock information without unlocking the phone. | 2020-05-29 | not yet calculated | CVE-2020-1833 (CONFIRM) |
| huawei -- cloudengine_12800_products | CloudEngine 12800 products with versions of V200R019C00, V200R019C10SPC800, V200R019C00SPC600, V200R019C10; and CloudEngine 6800 products with versions of V200R019C00SPC800 have a denial of service vulnerability. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. | 2020-05-29 | not yet calculated | CVE-2020-1870 (CONFIRM) |
| vmware -- multiple_products | VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. | 2020-05-29 | not yet calculated | CVE-2020-3957 (CONFIRM) |
| vmware -- multiple_products | VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition. | 2020-05-29 | not yet calculated | CVE-2020-3958 (CONFIRM) |
| vmware -- multiple_products | VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service. | 2020-05-29 | not yet calculated | CVE-2020-3959 (CONFIRM) |
| mulesoft -- mule_ce/ee | A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion. | 2020-05-29 | not yet calculated | CVE-2020-6937 (CONFIRM) |
| snyk-broker -- snyk-broker | All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`. | 2020-05-29 | not yet calculated | CVE-2020-7648 (MISC, MISC) |
| snyk-broker -- snyk-broker | All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json. | 2020-05-29 | not yet calculated | CVE-2020-7650 (MISC, MISC) |
| snyk-broker -- snyk-broker | All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API. | 2020-05-29 | not yet calculated | CVE-2020-7651 (MISC, MISC) |
| snyk-broker -- snyk-broker | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. | 2020-05-29 | not yet calculated | CVE-2020-7652 (MISC, MISC) |
| snyk-broker -- snyk-broker | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. | 2020-05-29 | not yet calculated | CVE-2020-7653 (MISC, MISC) |
| snyk-broker -- snyk-broker | All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG. | 2020-05-29 | not yet calculated | CVE-2020-7654 (MISC, MISC) |
| abb -- device_library_wizard | Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows an unauthenticated low privilege user to read a file that contains confidential data. | 2020-05-29 | not yet calculated | CVE-2020-8482 (CONFIRM) |
| kantech -- entrapass_editions | A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. | 2020-05-26 | not yet calculated | CVE-2020-9046 (CONFIRM, CERT) |
