Vulnerability Summary for the Week of May 25, 2020
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adminpanel -- adminpanel | Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter. | 2020-05-24 | 7.5 | CVE-2020-13433 MISC MISC |
apache -- kylin | Kylin has some RESTful APIs that concatenate OS commands with the user input string; a user is likely to be able to execute any OS command without any protection or validation. | 2020-05-22 | 9 | CVE-2020-1956 MISC |
aviatrix -- vpn_client | An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. | 2020-05-22 | 7.5 | CVE-2020-13417 MISC |
bosch -- recording_station | Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. | 2020-05-27 | 7.2 | CVE-2020-6774 MISC |
cisco -- prime_network_registrar | A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. | 2020-05-22 | 7.8 | CVE-2020-3272 CISCO |
cisco -- unified_contact_center_express | A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device. | 2020-05-22 | 10 | CVE-2020-3280 CISCO |
cybozu -- cybozu_desktop_for_windows | Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. | 2020-05-25 | 7.5 | CVE-2020-5537 JVN MISC MISC |
dext5 -- dext5_upload | A remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via the dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/. | 2020-05-25 | 7.5 | CVE-2020-13442 MISC |
dns-sync -- dns-sync | node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1. | 2020-05-28 | 7.5 | CVE-2020-11079 MISC CONFIRM |
kaoni -- ezhttptrans | Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contains a vulnerability that could allow a remote attacker to download and execute an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution. | 2020-05-22 | 7.5 | CVE-2020-7813 MISC MISC |
kaoni -- ezhttptrans | Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contains a vulnerability that could allow a remote attacker to download an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution by rebooting the victim’s PC. | 2020-05-28 | 7.5 | CVE-2020-7812 MISC MISC |
lenovo -- lj4010dn_devices | A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted. | 2020-05-28 | 7.8 | CVE-2020-8330 CONFIRM |
lenovo -- lj4010dn_devices | A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing the printer from functioning until the printer is rebooted. | 2020-05-28 | 7.8 | CVE-2020-8329 CONFIRM |
mozilla -- firefox | Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. | 2020-05-26 | 7.5 | CVE-2020-12390 MISC MISC |
mozilla -- firefox | Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76. | 2020-05-26 | 7.5 | CVE-2020-12396 MISC MISC |
mozilla -- firefox_and_firefox_esr | The Firefox content processes did not sufficiently lock down access control, which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. | 2020-05-26 | 7.5 | CVE-2020-12389 MISC MISC MISC |
mozilla -- firefox_and_firefox_esr | The Firefox content processes did not sufficiently lock down access control, which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. | 2020-05-26 | 7.5 | CVE-2020-12388 MISC MISC MISC MISC |
mozilla -- firefox_and_firefox_esr_and_thunderbird | Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | 2020-05-26 | 10 | CVE-2020-12395 MISC MISC MISC MISC |
mozilla -- firefox_and_firefox_esr_and_thunderbird | A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | 2020-05-26 | 7.5 | CVE-2020-6831 MISC MISC MISC MISC |
python -- python | An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. | 2020-05-22 | 7.5 | CVE-2020-13388 MISC MISC CONFIRM |
sqlite -- sqlite | ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | 2020-05-27 | 7.5 | CVE-2020-13630 MISC MISC |
sympa -- sympa | Sympa before 6.2.56 allows privilege escalation. | 2020-05-27 | 7.2 | CVE-2020-10936 MISC MISC MISC |
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13392 MISC MISC |
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13394 MISC MISC |
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13393 MISC MISC |
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13391 MISC MISC |
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13390 MISC MISC |
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13389 MISC MISC |
trend_micro -- interscan_web_security_virtual_appliance | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. | 2020-05-27 | 7.5 | CVE-2020-8606 MISC MISC |
ubiquiti -- airmax_xm_and_xw_and_ti_series_devices | We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page. | 2020-05-26 | 7.5 | CVE-2020-8171 MISC MISC MISC |
vim -- vim | In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | 2020-05-28 | 10 | CVE-2019-20807 MISC MISC |
wordpress -- wordpress | An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. | 2020-05-29 | 7.5 | CVE-2020-13693 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aviatrix -- controller | An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping. | 2020-05-22 | 5 | CVE-2020-13415 MISC |
aviatrix -- controller | An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. | 2020-05-22 | 6.8 | CVE-2020-13412 MISC |
aviatrix -- controller | An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | 2020-05-22 | 5 | CVE-2020-13414 MISC |
aviatrix -- controller | An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force. | 2020-05-22 | 5 | CVE-2020-13413 MISC |
aviatrix -- controller | An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets. | 2020-05-22 | 4.3 | CVE-2020-13416 MISC |
axel -- axel | An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. | 2020-05-26 | 4.3 | CVE-2020-13614 MISC MISC |
centreon -- centreon | Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | 2020-05-27 | 4.3 | CVE-2020-10946 MISC |
centreon -- centreon | Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | 2020-05-27 | 4.3 | CVE-2020-13628 MISC |
centreon -- centreon | Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | 2020-05-27 | 4.3 | CVE-2020-13627 MISC |
cisco -- amp_for_endpoints_mac_connector | A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash, resulting in missed detection and logging of the potentially malicious file. Continued attempts to scan the file could result in a DoS condition of the Cisco AMP for Endpoints service. | 2020-05-22 | 5.8 | CVE-2020-3314 CISCO |
cisco -- prime_collaboration_provisioning_software | A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete. | 2020-05-22 | 6.5 | CVE-2020-3184 CISCO |
drupal -- drupal | An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. | 2020-05-28 | 6.8 | CVE-2019-6342 CONFIRM |
em-http_request -- em-http-request | EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. | 2020-05-25 | 6.8 | CVE-2020-13482 MISC |
epson -- eb-1470ui_devices | An exploitable authentication bypass vulnerability exists in the EPSON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability. | 2020-05-22 | 6.4 | CVE-2020-6091 MISC |
ffjpeg -- ffjpeg | ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c. | 2020-05-24 | 4.3 | CVE-2020-13439 MISC |
ffjpeg -- ffjpeg | ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c. | 2020-05-24 | 4.3 | CVE-2020-13438 MISC |
ffjpeg -- ffjpeg | ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. | 2020-05-24 | 4.3 | CVE-2020-13440 MISC |
fork -- fork_cms | Fork before 5.8.3 allows XSS via navigation_title or title. | 2020-05-27 | 4.3 | CVE-2020-13633 MISC |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. | 2020-05-29 | 4 | CVE-2020-11018 CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. | 2020-05-29 | 5 | CVE-2020-11017 CONFIRM |
gnome -- glib-networking | In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. | 2020-05-28 | 6.4 | CVE-2020-13645 MISC MISC |
grafana_labs -- grafana | Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | 2020-05-24 | 4.3 | CVE-2020-13430 MISC MISC CONFIRM |
ibm -- business_automation_workflow | IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 181989. | 2020-05-29 | 5.8 | CVE-2020-4490 XF CONFIRM |
ibm -- mobilefirst_platform_foundation | IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207. | 2020-05-27 | 5 | CVE-2020-4226 XF CONFIRM |
ibm -- mq_for_hpe_nonstop | IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427. | 2020-05-29 | 4.4 | CVE-2020-4352 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the system due to incorrect authorization. IBM X-Force ID: 175485. | 2020-05-28 | 4 | CVE-2020-4249 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484. | 2020-05-28 | 4 | CVE-2020-4248 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335. | 2020-05-28 | 4 | CVE-2020-4231 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 175360. | 2020-05-28 | 5 | CVE-2020-4233 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422. | 2020-05-28 | 5 | CVE-2020-4244 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423. | 2020-05-28 | 5 | CVE-2020-4245 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336. | 2020-05-28 | 5 | CVE-2020-4232 XF CONFIRM |
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 175481. | 2020-05-28 | 5.5 | CVE-2020-4246 XF CONFIRM |
ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424. | 2020-05-27 | 5 | CVE-2020-4350 XF CONFIRM |
ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crafted HTTP POST command. IBM X-Force ID: 179157. | 2020-05-27 | 4 | CVE-2020-4378 XF CONFIRM |
ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423. | 2020-05-27 | 5 | CVE-2020-4349 XF CONFIRM |
ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761. | 2020-05-27 | 4 | CVE-2020-4357 XF CONFIRM |
ibm -- spectrum_scale | IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414 | 2020-05-27 | 4 | CVE-2020-4348 XF CONFIRM |
ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158. | 2020-05-27 | 5 | CVE-2020-4379 XF CONFIRM |
jerryscript -- jerryscript | JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. | 2020-05-27 | 5 | CVE-2020-13623 MISC |
jerryscript -- jerryscript | parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure. | 2020-05-28 | 5 | CVE-2020-13649 MISC MISC MISC |
jerryscript -- jerryscript | JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data. | 2020-05-27 | 5 | CVE-2020-13622 MISC MISC |
joomla! -- joomla! | The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure. | 2020-05-23 | 4 | CVE-2020-13424 MISC |
kaminari -- kaminari | In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1. | 2020-05-28 | 4.3 | CVE-2020-11082 MISC MISC CONFIRM |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75. | 2020-05-27 | 5 | CVE-2019-20806 MISC MISC MISC |
linux -- linux_kernel | A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. | 2020-05-22 | 5 | CVE-2020-10711 CONFIRM CONFIRM |
meinheld -- meinheld | meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer-Encoding header parsing. | 2020-05-22 | 4.3 | CVE-2020-7658 MISC MISC |
monstra -- monstra_cms | Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048. | 2020-05-22 | 6.5 | CVE-2020-13384 MISC |
mozilla -- firefox | Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76. | 2020-05-26 | 5 | CVE-2020-12391 MISC MISC |
mozilla -- firefox_and_firefox_esr_and_thunderbird | A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | 2020-05-26 | 6.8 | CVE-2020-12387 MISC MISC MISC MISC |
mozilla -- firefox_and_firefox_esr_and_thunderbird | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | 2020-05-26 | 4.6 | CVE-2020-12393 MISC MISC MISC MISC |
mozilla -- firefox_for_ios | For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25. | 2020-05-26 | 5 | CVE-2020-6830 MISC MISC |
mozilla -- thunderbird | By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. | 2020-05-22 | 4.3 | CVE-2020-12397 MISC MISC |
netgear -- multiple_devices | Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P. | 2020-05-28 | 4.3 | CVE-2020-13245 MISC MISC |
netqmail -- netqmail | qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. | 2020-05-26 | 5 | CVE-2020-3811 CONFIRM MISC CONFIRM |
pi-hole -- pi-hole | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | 2020-05-29 | 6.5 | CVE-2020-8816 CONFIRM MISC |
pichi -- pichi | The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification. | 2020-05-26 | 4.3 | CVE-2020-13616 MISC MISC |
pixel_&_tonic -- craft_cms | The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. | 2020-05-25 | 5.8 | CVE-2020-13486 MISC |
pixel_&_tonic -- craft_cms | The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. | 2020-05-25 | 6.4 | CVE-2020-13485 MISC MISC |
pixel_&_tonic -- craft_cms | An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action. | 2020-05-25 | 6.8 | CVE-2020-13458 MISC |
protocol_labs -- aegir | In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1. | 2020-05-27 | 5 | CVE-2020-11059 CONFIRM |
puma_gem_for_ruby_on_rails -- puma_gem_for_ruby_on_rails | In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5. | 2020-05-22 | 5 | CVE-2020-11077 MISC CONFIRM |
puma_gem_for_ruby_on_rails -- puma_gem_for_ruby_on_rails | In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. | 2020-05-22 | 5 | CVE-2020-11076 MISC MISC CONFIRM |
qore -- qore | lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates. | 2020-05-26 | 4.3 | CVE-2020-13615 MISC MISC |
red_hat -- undertow | A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. | 2020-05-26 | 6.4 | CVE-2020-10719 CONFIRM |
sqlite -- sqlite | SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. | 2020-05-24 | 5 | CVE-2020-13435 CONFIRM MISC |
sqlite -- sqlite | SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | 2020-05-24 | 5 | CVE-2020-13434 MLIST CONFIRM MISC MISC |
sqlite -- sqlite | SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | 2020-05-27 | 5 | CVE-2020-13631 MISC MISC |
sqlite -- sqlite | ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | 2020-05-27 | 5 | CVE-2020-13632 MISC MISC |
teradici -- pcoip_standard_agent_for_windows_and_pcoip_graphics_agent_for_windows | Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe. | 2020-05-28 | 4.6 | CVE-2020-13173 CONFIRM |
trackr -- multiple_devices | TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. | 2020-05-23 | 6.8 | CVE-2020-13425 MISC |
trend_micro -- interscan_web_security_virtual_appliance | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability. | 2020-05-27 | 6.5 | CVE-2020-8605 MISC MISC |
trend_micro -- interscan_web_security_virtual_appliance | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive information on affected installations. | 2020-05-27 | 5 | CVE-2020-8604 MISC MISC |
trend_micro -- interscan_web_security_virtual_appliance | A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-05-27 | 4.3 | CVE-2020-8603 MISC MISC |
ubiquiti -- airmax_xm_and_xw_and_ti_series_devices | We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user's session information and/or account takeover of the admin user. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page. | 2020-05-26 | 4.3 | CVE-2020-8170 MISC MISC MISC |
ubiquiti -- airmax_xm_and_xw_and_ti_series_devices | We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page. | 2020-05-26 | 6.8 | CVE-2020-8168 MISC MISC MISC MISC MISC |
wordpress -- wordpress | An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser. | 2020-05-28 | 6.8 | CVE-2020-13642 MISC MISC |
wordpress -- wordpress | An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser. | 2020-05-28 | 6.8 | CVE-2020-13643 MISC MISC |
wordpress -- wordpress | An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allowing for that to be executed later in the victim's browser. | 2020-05-28 | 6.8 | CVE-2020-13641 MISC MISC |
wordpress -- wordpress | The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077. | 2020-05-29 | 6.5 | CVE-2020-12675 MISC MISC |
youhua -- windows_master | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xF1002558. | 2020-05-29 | 6.1 | CVE-2020-13634 MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
centreon -- centreon | Centreon before 19.10.7 exposes Session IDs in server responses. | 2020-05-27 | 3.3 | CVE-2020-10945 MISC |
cisco -- endpoints_linux_connector_software_and_endpoints_mac_connector_software | A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. | 2020-05-22 | 2.1 | CVE-2020-3344 CISCO |
cisco -- endpoints_linux_connector_software_and_endpoints_mac_connector_software | A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. | 2020-05-22 | 2.1 | CVE-2020-3343 CISCO |
cmsmadesimple -- cms_made_simple | CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. | 2020-05-28 | 3.5 | CVE-2020-13660 MISC MISC |
cybozu -- kinton_mobile_for_android | Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors. | 2020-05-29 | 2.1 | CVE-2020-5573 MISC MISC |
cybozu -- mailwise_for_android | Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors. | 2020-05-29 | 2.1 | CVE-2020-5572 MISC MISC |
dell -- client_consumer_and_commercial_docking_stations | Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. | 2020-05-28 | 2.6 | CVE-2020-5357 MISC |
freerdp -- freerdp | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. | 2020-05-22 | 2.1 | CVE-2020-13396 MISC MISC MISC |
freerdp -- freerdp | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | 2020-05-22 | 2.1 | CVE-2020-13398 MISC MISC MISC |
freerdp -- freerdp | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | 2020-05-22 | 2.1 | CVE-2020-13397 MISC MISC MISC |
grafana_labs -- grafana | legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option. | 2020-05-24 | 3.5 | CVE-2020-13429 MISC MISC |
huawei -- p30_smartphones | HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work; an attacker should establish an NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user to do certain operations which are beyond the guest user's privilege. | 2020-05-29 | 2.1 | CVE-2020-1798 CONFIRM |
ibm -- jazz_reporting_service | IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180071. | 2020-05-28 | 3.5 | CVE-2020-4419 XF CONFIRM |
ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735. | 2020-05-29 | 3.5 | CVE-2020-4306 XF CONFIRM |
ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762. | 2020-05-27 | 3.5 | CVE-2020-4358 XF CONFIRM |
mozilla -- firefox | A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76. | 2020-05-26 | 2.1 | CVE-2020-12394 MISC MISC |
mozilla -- firefox_and_firefox_esr_and_thunderbird | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | 2020-05-26 | 2.1 | CVE-2020-12392 MISC MISC MISC MISC |
netqmail -- netqmail | qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first. | 2020-05-26 | 2.1 | CVE-2020-3812 CONFIRM MISC CONFIRM |
ocproducts -- composr | Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. | 2020-05-22 | 3.5 | CVE-2020-8789 MISC FULLDISC |
pixel_&_tonic -- craft_cms | An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action. | 2020-05-25 | 3.5 | CVE-2020-13459 MISC |
qemu -- qemu | sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. | 2020-05-27 | 2.1 | CVE-2020-13253 CONFIRM CONFIRM MISC |
qemu -- qemu | In QEMU 4.2.0, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. | 2020-05-28 | 2.1 | CVE-2020-13361 CONFIRM MISC |
qemu -- qemu | In QEMU 4.2.0, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. | 2020-05-28 | 2.1 | CVE-2020-13362 CONFIRM MISC MISC |
wordpress -- wordpress | The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI. | 2020-05-26 | 3.5 | CVE-2020-13487 MISC MISC MISC MISC |
wordpress -- wordpress | An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion. | 2020-05-28 | 3.5 | CVE-2020-13644 MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abb -- device_library_wizard | Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows an unauthenticated low privilege user to read a file that contains confidential data. | 2020-05-29 | not yet calculated | CVE-2020-8482 CONFIRM |
anchore -- engine | In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engine analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to 'root' then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1. | 2020-05-27 | not yet calculated | CVE-2020-11075 MISC MISC MISC CONFIRM |
freerdp -- freerdp | In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11089 MISC MISC CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11088 MISC CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11086 MISC CONFIRM |
freerdp -- freerdp | In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11085 MISC CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11043 CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11041 CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11040 CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11039 CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11038 CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11019 CONFIRM |
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0. | 2020-05-29 | not yet calculated | CVE-2020-11087 MISC CONFIRM |
huawei -- cloudengine_12800_products | CloudEngine 12800 products with versions of V200R019C00, V200R019C10SPC800, V200R019C00SPC600, V200R019C10; and CloudEngine 6800 products with versions of V200R019C00SPC800 have a denial of service vulnerability. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. | 2020-05-29 | not yet calculated | CVE-2020-1870 CONFIRM |
huawei -- e6878-370_products | E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message; successful exploit could lead to stack buffer overflow which may cause malicious code execution. | 2020-05-29 | not yet calculated | CVE-2020-1832 CONFIRM |
huawei -- honor_9x_smartphones | Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability. A logic error occurs when handling the clock function; an attacker should do a series of crafted operations quickly before the phone is unlocked. Successful exploit could allow the attacker to access clock information without unlocking the phone. | 2020-05-29 | not yet calculated | CVE-2020-1833 CONFIRM |
huawei -- mate_10_smartphones | HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up the voice assistant and then do a series of crafted voice operations; successful exploit could allow the attacker to read certain files without unlocking the phone, leading to information disclosure. | 2020-05-29 | not yet calculated | CVE-2020-1809 CONFIRM |
huawei -- mate_20_smartphones | HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the usage time of certain users; successful exploit could allow the user to break the limit of the digital balance function after a series of operations with a PC. | 2020-05-29 | not yet calculated | CVE-2020-1831 CONFIRM |
huawei -- mate_20_smartphones | HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operations in ADB mode; successful exploit could allow certain users to break the limit of the digital balance function. | 2020-05-29 | not yet calculated | CVE-2020-1797 CONFIRM |
kantech -- entrapass_editions | A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. | 2020-05-26 | not yet calculated | CVE-2020-9046 CONFIRM CERT |
linux -- linux_kernel | A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. | 2020-05-26 | not yet calculated | CVE-2020-10751 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
micro_focus -- service_management_automation | There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation. | 2020-05-29 | not yet calculated | CVE-2020-11844 CONFIRM |
mulesoft -- mule_ce/ee | A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion. | 2020-05-29 | not yet calculated | CVE-2020-6937 CONFIRM |
oddjob-mkhomedir -- oddjob-mkhomedir | A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user. | 2020-05-27 | not yet calculated | CVE-2020-10737 CONFIRM CONFIRM |
smartdraw -- smartdraw_2020 | In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine. | 2020-05-27 | not yet calculated | CVE-2020-13386 MISC |
swarcos -- cpu_ls4000_series_devices | An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. | 2020-05-29 | not yet calculated | CVE-2020-12493 CONFIRM |
synk-broker -- synk-broker | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. | 2020-05-29 | not yet calculated | CVE-2020-7653 MISC MISC |
synk-broker -- synk-broker | All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG. | 2020-05-29 | not yet calculated | CVE-2020-7654 MISC MISC |
synk-broker -- synk-broker | All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API. | 2020-05-29 | not yet calculated | CVE-2020-7651 MISC MISC |
synk-broker -- synk-broker | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. | 2020-05-29 | not yet calculated | CVE-2020-7652 MISC MISC |
synk-broker -- synk-broker | All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json. | 2020-05-29 | not yet calculated | CVE-2020-7650 MISC MISC |
synk-broker -- synk-broker | All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json` | 2020-05-29 | not yet calculated | CVE-2020-7648 MISC MISC |
vivotek -- network_cameras | VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices. | 2020-05-28 | not yet calculated | CVE-2020-11950 CONFIRM |
vivotek -- network_cameras | testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices. | 2020-05-28 | not yet calculated | CVE-2020-11949 CONFIRM |
vmware -- multiple_products | VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. | 2020-05-29 | not yet calculated | CVE-2020-3957 CONFIRM |
vmware -- multiple_products | VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition. | 2020-05-29 | not yet calculated | CVE-2020-3958 CONFIRM |
vmware -- multiple_products | VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service. | 2020-05-29 | not yet calculated | CVE-2020-3959 CONFIRM |