Vulnerability Summary for the Week of December 7, 2020CISA All NCAS Products

Original release date: December 14, 2020

High Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

acdsee — photo_studio_2021
PlugInsIDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa.
2020-12-07
7.5
CVE-2020-29595
MISC

anydesk — anydesk
AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation.
2020-12-09
7.2
CVE-2020-27614
MISC
MISC

apache — storm_docker
The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
2020-12-08
10
CVE-2020-29580
MISC

apache — tapestry
A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the “sp” parameter even before invoking the page’s validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.
2020-12-08
7.5
CVE-2020-17531
MISC
MLIST

apple — icloud
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution.
2020-12-08
9.3
CVE-2020-9981
MISC
MISC
MISC
MISC
MISC
MISC

apple — icloud
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.
2020-12-08
9.3
CVE-2020-27932
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC

apple — icloud
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to code execution.
2020-12-08
9.3
CVE-2020-27917
MISC
MISC
MISC
MISC
MISC
MISC

apple — icloud
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.
2020-12-08
9.3
CVE-2020-27912
MISC
MISC
MISC
MISC
MISC
MISC

apple — icloud
An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
2020-12-08
9.3
CVE-2020-27911
MISC
MISC
MISC
MISC
MISC
MISC

apple — ipados
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.
2020-12-08
9.3
CVE-2020-27909
MISC
MISC
MISC

apple — ipados
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
2020-12-08
9.3
CVE-2020-10013
MISC
MISC

apple — ipados
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges.
2020-12-08
9.3
CVE-2020-10016
MISC
MISC
MISC
MISC

apple — ipados
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
2020-12-08
9.3
CVE-2020-27926
MISC

apple — ipados
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges.
2020-12-08
9.3
CVE-2020-27905
MISC
MISC
MISC

apple — ipados
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.
2020-12-08
9.3
CVE-2020-27910
MISC
MISC
MISC
MISC

apple — ipados
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.
2020-12-08
9.3
CVE-2020-27916
MISC
MISC
MISC
MISC

apple — ipados
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
2020-12-08
9.3
CVE-2020-9949
MISC
MISC
MISC
MISC
MISC

apple — ipados
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
2020-12-08
9.3
CVE-2020-9965
MISC
MISC
MISC
MISC

apple — ipados
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.
2020-12-08
7.1
CVE-2020-27950
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC

apple — macos
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.
2020-12-08
9.3
CVE-2020-27904
MISC

apple — macos
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to gain elevated privileges.
2020-12-08
9.3
CVE-2020-27903
MISC

apple — macos
Multiple integer overflows were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to cause unexpected application termination or heap corruption.
2020-12-08
9.3
CVE-2020-27906
MISC

awstats — awstats
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.
2020-12-07
7.5
CVE-2020-29600
MISC
MISC

cisco — jabber
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
2020-12-11
9
CVE-2020-27134
CISCO

deepref_project — deepref
Prototype pollution vulnerability in ‘deepref’ versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution.
2020-12-08
7.5
CVE-2020-28274
CONFIRM

docker — notary_docker_image
The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.
2020-12-08
10
CVE-2020-29601
MISC

druva — insync
inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions.
2020-12-07
7.2
CVE-2020-5798
MISC
MISC

eat_spray_love_project — eat_spray_love
The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users’ data.
2020-12-07
7.5
CVE-2020-5799
MISC

eat_spray_love_project — eat_spray_love
The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to.
2020-12-07
7.5
CVE-2020-5800
MISC

eggheads — eggdrop_docker
The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
2020-12-08
10
CVE-2020-29576
MISC

elixir-lang — docker_image
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
2020-12-08
10
CVE-2020-29575
MISC

express-gateway — express-gateway_docker
The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.
2020-12-08
10
CVE-2020-29579
MISC

hashicorp — consul
The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. System using the Consul Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
2020-12-08
10
CVE-2020-29564
MISC

ibm — aix
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.
2020-12-10
7.2
CVE-2020-4829
XF
CONFIRM

idreamsoft — icms
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
2020-12-10
10
CVE-2020-19142
MISC

idreamsoft — icms
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
2020-12-10
10
CVE-2020-19527
MISC

imagemagick — imagemagick
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.
2020-12-07
7.5
CVE-2020-29599
MISC
MISC

incomcms_project — incomcms
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
2020-12-07
7.5
CVE-2020-29597
MISC
MISC

irssi — docker_image
The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the irssi docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
2020-12-08
10
CVE-2020-29602
MISC

katacontainers — kata_containers
An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary binaries as root on the worker nodes.
2020-12-07
9
CVE-2020-27151
MISC
MISC
MISC
MISC

linux — linux_kernel
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
2020-12-09
7.2
CVE-2020-29660
MLIST
MISC

linux — linux_kernel
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
2020-12-09
7.2
CVE-2020-29661
MLIST
MISC

matomo — docker
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.
2020-12-08
10
CVE-2020-29578
MISC

microsoft — 365_apps
, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.
2020-12-10
9.3
CVE-2020-17125
MISC
MISC

microsoft — 365_apps
, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17129.
2020-12-10
9.3
CVE-2020-17128
MISC
MISC

microsoft — 365_apps
, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17122, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.
2020-12-10
9.3
CVE-2020-17123
MISC

microsoft — 365_apps
, aka ‘Microsoft PowerPoint Remote Code Execution Vulnerability’.
2020-12-10
9.3
CVE-2020-17124
MISC

microsoft — c_sdk_for_azure_iot
, aka ‘Azure SDK for C Security Feature Bypass Vulnerability’.
2020-12-10
9.4
CVE-2020-17002
MISC

microsoft — excel
, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17128, CVE-2020-17129.
2020-12-10
9.3
CVE-2020-17127
MISC

microsoft — exchange_server
, aka ‘Microsoft Exchange Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.
2020-12-10
9
CVE-2020-17117
MISC

microsoft — office
, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.
2020-12-10
9.3
CVE-2020-17122
MISC

microsoft — sharepoint_foundation
, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17121.
2020-12-10
10
CVE-2020-17118
MISC

microsoft — windows_10
, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963.
2020-12-10
7.2
CVE-2020-16964
MISC

microsoft — windows_10
, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’.
2020-12-10
7.2
CVE-2020-17092
MISC

microsoft — windows_10
, aka ‘Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-17134, CVE-2020-17136.
2020-12-10
7.2
CVE-2020-17103
MISC

microsoft — windows_10
, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
2020-12-10
7.2
CVE-2020-16958
MISC

microsoft — windows_10
, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16958, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
2020-12-10
7.2
CVE-2020-16959
MISC

microsoft — windows_10
, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
2020-12-10
7.2
CVE-2020-16961
MISC

microsoft — windows_10
, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16963, CVE-2020-16964.
2020-12-10
7.2
CVE-2020-16962
MISC

microsoft — windows_10
, aka ‘Hyper-V Remote Code Execution Vulnerability’.
2020-12-10
9
CVE-2020-17095
MISC

microsoft — windows_10
, aka ‘Windows NTFS Remote Code Execution Vulnerability’.
2020-12-10
9
CVE-2020-17096
MISC

microsoft — windows_10
, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
2020-12-10
7.2
CVE-2020-16960
MISC

mozilla — firefox
Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83.
2020-12-09
9.3
CVE-2020-26969
MISC
CONFIRM

mozilla — firefox
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
2020-12-09
9.3
CVE-2020-26960
MISC
CONFIRM
CONFIRM
CONFIRM

mozilla — firefox
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
2020-12-09
9.3
CVE-2020-26950
MISC
CONFIRM

mozilla — firefox
Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83.
2020-12-09
9.3
CVE-2020-26952
MISC
CONFIRM

mozilla — firefox
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
2020-12-09
9.3
CVE-2020-26968
MISC
CONFIRM
CONFIRM
CONFIRM

mozilla — thunderbird
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
2020-12-09
9.3
CVE-2020-26970
MISC
CONFIRM

notable — notable
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).
2020-12-10
9.3
CVE-2020-16608
MISC
MISC

online_bus_booking_system_project_using_php/mysql_project — online_bus_booking_system_project_using_php/mysql
Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.
2020-12-08
7.5
CVE-2020-25889
MISC
FULLDISC
MISC
MISC

redhat — wildfly
A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API’s java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.
2020-12-08
7.8
CVE-2020-27822
CONFIRM

sap — business_warehouse
SAP Business Warehouse, versions – 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions – 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.
2020-12-09
9
CVE-2020-26838
MISC
MISC

sap — netweaver_application_server_java
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions – 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely.
2020-12-09
9
CVE-2020-26829
MISC
MISC

sap — netweaver_as_abap
SAP AS ABAP (SAP Landscape Transformation), versions – 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions – 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.
2020-12-09
7.5
CVE-2020-26832
MISC
MISC

tarsnap — spiped_docker
The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.
2020-12-08
10
CVE-2020-29581
MISC

ubilling — ubilling
Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software.
2020-12-10
10
CVE-2020-29311
MISC
MISC
MISC

znc — znc_docker
The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
2020-12-08
10
CVE-2020-29577
MISC

Medium Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

apache — apisix
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
2020-12-07
4
CVE-2020-13945
CONFIRM

apple — icloud
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
2020-12-08
6.8
CVE-2020-9947
MISC
MISC
MISC
MISC
MISC
MISC

apple — icloud
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
2020-12-08
6.8
CVE-2020-27918
MISC
MISC
MISC
MISC
MISC
MISC
MISC

apple — icloud
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.
2020-12-08
5
CVE-2020-9991
MISC
MISC
MISC
MISC
MISC

apple — ipad_os
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.
2020-12-08
4.6
CVE-2020-10003
MISC
MISC
MISC
MISC

apple — ipad_os
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.
2020-12-08
6.8
CVE-2020-10017
MISC
MISC
MISC
MISC

apple — ipad_os
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user’s open tabs in Safari.
2020-12-08
4.3
CVE-2020-9977
MISC
MISC

apple — ipad_os
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
2020-12-08
6.8
CVE-2020-10004
MISC
MISC

apple — ipad_os
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
2020-12-08
6.8
CVE-2020-9966
MISC
MISC
MISC
MISC

apple — ipad_os
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.
2020-12-08
6.8
CVE-2020-9996
MISC
MISC

apple — ipad_os
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout.
2020-12-08
4.3
CVE-2020-9974
MISC
MISC
MISC
MISC

apple — ipad_os
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
2020-12-08
6.8
CVE-2020-9972
MISC

apple — ipados
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.
2020-12-08
6.8
CVE-2020-27930
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC

apple — ipados
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.
2020-12-08
4.6
CVE-2020-10010
MISC
MISC
MISC
MISC

apple — ipados
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Playing a malicious audio file may lead to arbitrary code execution.
2020-12-08
6.8
CVE-2020-9954
MISC
MISC
MISC
MISC

apple — ipados
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted font file may lead to arbitrary code execution.
2020-12-08
6.8
CVE-2020-27927
MISC
MISC
MISC
MISC

apple — ipados
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
2020-12-08
6.8
CVE-2020-10011
MISC
MISC

apple — ipados
The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer.
2020-12-08
4.3
CVE-2020-9963
MISC
MISC

apple — ipados
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory.
2020-12-08
4.3
CVE-2020-9944
MISC
MISC
MISC
MISC

apple — ipados
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory.
2020-12-08
4.3
CVE-2020-9943
MISC
MISC
MISC
MISC

apple — iphone_os
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so.
2020-12-08
4.3
CVE-2020-27929
MISC

apple — itunes
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.
2020-12-08
4.3
CVE-2020-9849
MISC
MISC
MISC
MISC
MISC
MISC

apple — itunes
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.
2020-12-08
6.8
CVE-2020-9999
MISC
MISC

apple — itunes
An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs.
2020-12-08
4.3
CVE-2020-27895
MISC

apple — mac_os
The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from.
2020-12-08
4.3
CVE-2020-27894
MISC

apple — mac_os_x
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files.
2020-12-08
4.3
CVE-2020-9922
MISC

apple — mac_os_x
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.
2020-12-08
4.3
CVE-2020-10009
MISC

apple — mac_os_x
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system.
2020-12-08
4.3
CVE-2020-27896
MISC

apple — mac_os_x
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files.
2020-12-08
4.3
CVE-2020-10006
MISC

apple — macos
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox.
2020-12-08
4.3
CVE-2020-10014
MISC

apple — macos
An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to preview files it does not have access to.
2020-12-08
4.3
CVE-2020-27900
MISC

apple — macos
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting attack.
2020-12-08
4.3
CVE-2020-10012
MISC

apple — macos
A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1. An attacker may be able to bypass Managed Frame Protection.
2020-12-08
4.3
CVE-2020-27898
MISC

apple — safari
The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing.
2020-12-08
4.3
CVE-2020-9993
MISC
MISC
MISC

apple — safari
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.
2020-12-08
4.3
CVE-2020-9942
MISC
MISC

apple — safari
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.
2020-12-08
4.3
CVE-2020-9945
MISC
MISC

apple — safari
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.
2020-12-08
4.3
CVE-2020-9987
MISC

apple — safari
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
2020-12-08
6.8
CVE-2020-9950
MISC
MISC
MISC
MISC

asus — rt-ac88u_firmware
An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language makes it possible to reach “unknown functionality” in a “known to be easy” manner via an unspecified “public exploit.”
2020-12-09
5
CVE-2020-29656
MISC

asus — rt-ac88u_firmware
An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text injection.
2020-12-09
5
CVE-2020-29655
MISC

aswf — openexr
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
2020-12-09
4.3
CVE-2020-16587
MISC
MISC

aswf — openexr
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
2020-12-09
4.3
CVE-2020-16588
MISC
MISC

aswf — openexr
A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
2020-12-09
4.3
CVE-2020-16589
MISC
MISC

bookstackapp — bookstack
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL’s to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade.
2020-12-09
5.5
CVE-2020-26260
MISC
MISC
CONFIRM

boom-core — risvc-boom
An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a reservation in the case where a load translates successfully but still generates an exception.
2020-12-04
4.3
CVE-2020-29561
MISC

divebook_project — divebook
The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter).
2020-12-08
4.3
CVE-2020-14206
MISC
MISC

divebook_project — divebook
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.
2020-12-08
5
CVE-2020-14205
MISC
MISC

divebook_project — divebook
The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter.
2020-12-08
5
CVE-2020-14207
MISC
MISC

getkirby — kirby
Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors without Panel access *cannot* use this attack vector. The problem has been patched in Kirby 2.5.14 and Kirby 3.4.5. Please update to one of these or a later version to fix the vulnerability. Note: Kirby 2 reaches end of life on December 31, 2020. We therefore recommend to upgrade your Kirby 2 sites to Kirby 3. If you cannot upgrade, we still recommend to update to Kirby 2.5.14.
2020-12-08
6.5
CVE-2020-26255
MISC
MISC
CONFIRM
MISC
MISC
MISC

getkirby — kirby
Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don’t have an admin account for the Panel yet, we block account registration there by default. This is a security feature, which we implemented years ago in Kirby 2. It helps to avoid that you forget registering your first admin account on a public server. In this case – without our security block – someone else might theoretically be able to find your site, find out it’s running on Kirby, find the Panel and then register the account first. It’s an unlikely situation, but it’s still a certain risk. To be able to register the first Panel account on a public server, you have to enforce the installer via a config setting. This helps to push all users to the best practice of registering your first Panel account on your local machine and upload it together with the rest of the site. This installation block implementation in Kirby versions before 3.3.6 still assumed that .dev domains are local domains, which is no longer true. In the meantime, those domains became publicly available. This means that our installation block is no longer working as expected if you use a .dev domain for your Kirby site. Additionally the local installation check may also fail if your site is behind a reverse proxy. You are only affected if you use a .dev domain or your site is behind a reverse proxy and you have not yet registered your first Panel account on the public server and someone finds your site and tries to login at `yourdomain.dev/panel` before you register your first account. You are not affected if you have already created one or multiple Panel accounts (no matter if on a .dev domain or behind a reverse proxy). The problem has been patched in Kirby 3.3.6. Please upgrade to this or a later version to fix the vulnerability.
2020-12-08
4.3
CVE-2020-26253
MISC
CONFIRM
MISC
MISC
MISC

gnu — binutils
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
2020-12-09
4.3
CVE-2020-16592
MISC
MISC

gnu — binutils
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
2020-12-09
4.3
CVE-2020-16593
MISC
MISC

gnu — binutils
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in debug_get_real_type, as demonstrated in objdump, that can cause a denial of service via a crafted file.
2020-12-09
4.3
CVE-2020-16598
MISC
MISC

gnu — binutils
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
2020-12-09
4.3
CVE-2020-16599
MISC
MISC

gnu — binutils
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.34 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
2020-12-09
4.3
CVE-2020-16590
MISC
MISC

gnu — binutils
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.34 due to an invalid read in process_symbol_table, as demonstrated in readeif.
2020-12-09
4.3
CVE-2020-16591
MISC
MISC

gnu — glibc
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a x00x04x00x00x00x00x00x00x00x04 value to sprintf.
2020-12-06
5
CVE-2020-29573
MISC
MISC

gnu — glibc
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
2020-12-04
5
CVE-2020-29562
MISC

huawei — honor_20_pro_firmware
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.
2020-12-07
6.8
CVE-2020-9247
MISC

ibm — sterling_b2b_integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753.
2020-12-10
4
CVE-2019-4738
XF
CONFIRM

imagemagick — imagemagick
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
4.3
CVE-2020-27773
MISC

imagemagick — imagemagick
In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-08
4.3
CVE-2020-25675
MISC

imagemagick — imagemagick
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
2020-12-04
4.3
CVE-2020-27770
MISC

imagemagick — imagemagick
In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-08
4.3
CVE-2020-25676
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
4.3
CVE-2020-27767
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
4.3
CVE-2020-27765
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
2020-12-08
4.3
CVE-2020-27758
MISC

imagemagick — imagemagick
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
2020-12-08
4.3
CVE-2020-25674
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
2020-12-08
4.3
CVE-2020-27750
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-08
4.3
CVE-2020-27751
MISC

imagemagick — imagemagick
There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-08
4.3
CVE-2020-27753
MISC

imagemagick — imagemagick
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.
2020-12-08
4.3
CVE-2020-27754
MISC

imagemagick — imagemagick
in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-08
4.3
CVE-2020-27755
MISC

imagemagick — imagemagick
In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-08
4.3
CVE-2020-27756
MISC

imagemagick — imagemagick
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
4.3
CVE-2020-27771
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
4.3
CVE-2020-27772
MISC

imagemagick — imagemagick
TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `”dc:format=”image/dng”` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-08
4.3
CVE-2020-25667
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.
2020-12-04
6.8
CVE-2020-27766
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
4.3
CVE-2020-27776
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
4.3
CVE-2020-27775
MISC

imagemagick — imagemagick
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.
2020-12-08
5.8
CVE-2020-25664
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
4.3
CVE-2020-27774
MISC

imagemagick — imagemagick
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.
2020-12-08
4.3
CVE-2020-27757
MISC

imagemagick — imagemagick
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-08
4.3
CVE-2020-25663
MISC
MISC
MISC

imagemagick — imagemagick
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.
2020-12-08
4.3
CVE-2020-25665
MISC

imagemagick — imagemagick
There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-08
4.3
CVE-2020-25666
MISC

imagemagick — imagemagick
A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-08
5.8
CVE-2020-27752
MISC

infolific — ultimate_category_excluder
The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.
2020-12-11
6.8
CVE-2020-35135
MISC
MISC

inspur — nf8480m5_firmware
Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the administrator’s rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC.
2020-12-07
6.5
CVE-2020-26122
MISC
CONFIRM

intland — codebeamer_application_lifecycle_management
An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks.
2020-12-07
4.3
CVE-2020-26513
MISC
MISC

jerryscript — jerryscript
In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file.
2020-12-09
6.4
CVE-2020-29657
MISC

kaspersky — anti-ransomware_tool
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
2020-12-04
6.9
CVE-2020-28950
MISC
MISC

libpng — pngcheck
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
2020-12-08
4.3
CVE-2020-27818
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM

matrix — synapse
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference “homeserver” implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. The Matrix Synapse reference implementation before version 1.23.1 the implementation is vulnerable to this injection attack. Issue is fixed in version 1.23.1. As a workaround homeserver administrators could limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`).
2020-12-09
4
CVE-2020-26257
MISC
MISC
MISC
CONFIRM

mcafee — virusscan_enterprise
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.
2020-12-09
4.6
CVE-2020-7337
CONFIRM

microsoft — 365_apps
, aka ‘Microsoft Outlook Information Disclosure Vulnerability’.
2020-12-10
5
CVE-2020-17119
MISC
MISC

microsoft — 365_apps
, aka ‘Microsoft Excel Security Feature Bypass Vulnerability’.
2020-12-10
6
CVE-2020-17130
MISC

microsoft — azure_devops_server
, aka ‘Azure DevOps Server Spoofing Vulnerability’.
2020-12-10
4.9
CVE-2020-17135
MISC

microsoft — azure_sdk_for_java
, aka ‘Azure SDK for Java Security Feature Bypass Vulnerability’.
2020-12-10
6.4
CVE-2020-16971
MISC

microsoft — dynamics_365
, aka ‘Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17158.
2020-12-10
6.5
CVE-2020-17152
MISC

microsoft — dynamics_nav
, aka ‘Microsoft Dynamics Business Central/NAV Information Disclosure’.
2020-12-10
4
CVE-2020-17133
MISC

microsoft — edge
, aka ‘Microsoft Edge for Android Spoofing Vulnerability’.
2020-12-10
5.8
CVE-2020-17153
MISC

microsoft — exchange_server
, aka ‘Microsoft Exchange Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17144.
2020-12-10
6.5
CVE-2020-17142
MISC

microsoft — exchange_server
, aka ‘Microsoft Exchange Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17117, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.
2020-12-10
6.5
CVE-2020-17132
MISC

microsoft — exchange_server
, aka ‘Microsoft Exchange Information Disclosure Vulnerability’.
2020-12-10
6.5
CVE-2020-17143
MISC

microsoft — exchange_server
, aka ‘Microsoft Exchange Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17142, CVE-2020-17144.
2020-12-10
6
CVE-2020-17141
MISC

microsoft — sharepoint_foundation
, aka ‘Microsoft SharePoint Elevation of Privilege Vulnerability’.
2020-12-10
6
CVE-2020-17089
MISC

microsoft — sharepoint_foundation
, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17118.
2020-12-10
6.5
CVE-2020-17121
MISC

microsoft — sharepoint_foundation
, aka ‘Microsoft SharePoint Spoofing Vulnerability’.
2020-12-10
6
CVE-2020-17115
MISC

microsoft — sharepoint_foundation
, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’.
2020-12-10
4
CVE-2020-17120
MISC

microsoft — team_foundation_server
, aka ‘Azure DevOps Server and Team Foundation Services Spoofing Vulnerability’.
2020-12-10
4.9
CVE-2020-17145
MISC

microsoft — visual_studio_2017
, aka ‘Visual Studio Remote Code Execution Vulnerability’.
2020-12-10
6.8
CVE-2020-17156
MISC

microsoft — visual_studio_code
, aka ‘Visual Studio Code Remote Code Execution Vulnerability’.
2020-12-10
6.8
CVE-2020-17150
MISC

microsoft — visual_studio_code
, aka ‘Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability’.
2020-12-10
6.8
CVE-2020-17159
MISC

microsoft — visual_studio_code
, aka ‘Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability’.
2020-12-10
6.8
CVE-2020-17148
MISC

microsoft — windows_10
, aka ‘Windows Digital Media Receiver Elevation of Privilege Vulnerability’.
2020-12-10
4.6
CVE-2020-17097
MISC

microsoft — windows_10
, aka ‘Windows Lock Screen Security Feature Bypass Vulnerability’.
2020-12-10
4.6
CVE-2020-17099
MISC

microsoft — windows_10
, aka ‘Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-17103, CVE-2020-17136.
2020-12-10
4.6
CVE-2020-17134
MISC

microsoft — windows_10
, aka ‘Windows SMB Information Disclosure Vulnerability’.
2020-12-10
4
CVE-2020-17140
MISC

microsoft — windows_10
, aka ‘DirectX Graphics Kernel Elevation of Privilege Vulnerability’.
2020-12-10
4.6
CVE-2020-17137
MISC

microsoft — windows_10
, aka ‘Windows Overlay Filter Security Feature Bypass Vulnerability’.
2020-12-10
4.6
CVE-2020-17139
MISC

microsoft — windows_10
, aka ‘Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-17103, CVE-2020-17134.
2020-12-10
4.6
CVE-2020-17136
MISC

microsoft — windows_server_2012
, aka ‘Kerberos Security Feature Bypass Vulnerability’.
2020-12-10
4
CVE-2020-16996
MISC

misp — misp
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.
2020-12-06
4.3
CVE-2020-29572
MISC

mitsubishielectric — gt2107-wtbd_firmware
Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD all versions and GS2107-WTBD all versions), and Tension Controller LE7-40GU-L all versions allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.
2020-12-04
5
CVE-2020-5675
MISC
MISC
MISC

moodle — moodle
A vulnerability was found in Moodle where users with “Log in as” capability in a course context (typically, course managers) may gain access to some site administration capabilities by “logging in as” a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
2020-12-08
6.5
CVE-2020-25629
CONFIRM

moodle — moodle
A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
2020-12-08
5
CVE-2020-25630
CONFIRM

moodle — moodle
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book’s chapter title, which was not escaped on the “Add new chapter” page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.
2020-12-08
4.3
CVE-2020-25631
CONFIRM

moodle — moodle
The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2.
2020-12-09
4.3
CVE-2020-25627
CONFIRM

moodle — moodle
The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
2020-12-08
4.3
CVE-2020-25628
MISC
CONFIRM

mozilla — firefox
Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
2020-12-09
4.3
CVE-2020-26966
MISC
CONFIRM
CONFIRM
CONFIRM

mozilla — firefox
Some websites have a feature “Show Password” where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
2020-12-09
4.3
CVE-2020-26965
MISC
CONFIRM
CONFIRM
CONFIRM

mozilla — firefox
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.
2020-12-09
4.3
CVE-2020-26957
MISC
CONFIRM

mozilla — firefox
Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83.
2020-12-09
4.3
CVE-2020-26963
MISC
CONFIRM

mozilla — firefox
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.
2020-12-09
4.3
CVE-2020-26962
MISC
CONFIRM

mozilla — firefox
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
2020-12-09
4.3
CVE-2020-26961
MISC
CONFIRM
CONFIRM
CONFIRM

mozilla — firefox
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
2020-12-09
4.3
CVE-2020-26958
MISC
CONFIRM
CONFIRM
CONFIRM

mozilla — firefox
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
2020-12-09
4.3
CVE-2020-26956
MISC
CONFIRM
CONFIRM
CONFIRM

mozilla — firefox
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.
2020-12-09
4.3
CVE-2020-26955
MISC
CONFIRM

mozilla — firefox
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.
2020-12-09
4.3
CVE-2020-26954
MISC
CONFIRM

mozilla — firefox
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
2020-12-09
4.3
CVE-2020-26953
MISC
CONFIRM
CONFIRM
CONFIRM

mozilla — firefox
A parsing and event loading mismatch in Firefox’s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
2020-12-09
4.3
CVE-2020-26951
MISC
CONFIRM
CONFIRM
CONFIRM

mozilla — firefox
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
2020-12-09
6.8
CVE-2020-26959
MISC
CONFIRM
CONFIRM
CONFIRM

mozilla — firefox
When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83.
2020-12-09
4.3
CVE-2020-26967
MISC
CONFIRM

mozilla — firefox
If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.
2020-12-09
4
CVE-2020-26964
MISC
CONFIRM

omniauth-apple_project — omniauth-apple
omniauth-apple is the OmniAuth strategy for “Sign In with Apple” (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth’s Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker’s choice including email addresses of other users. Applications not using info.email for identification but are instead using the uid field are not impacted in the same manner. Note, these applications may still be negatively affected if the value of info.email is being used for other purposes. Applications using affected versions of omniauth-apple are advised to upgrade to omniauth-apple version 1.0.1 or later.
2020-12-08
5
CVE-2020-26254
MISC
MISC
CONFIRM

online_examination_system_project — online_examination_system
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php.
2020-12-09
4.3
CVE-2020-29258
MISC

online_examination_system_project — online_examination_system
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php.
2020-12-09
4.3
CVE-2020-29257
MISC

online_examination_system_project — online_examination_system
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php.
2020-12-09
4.3
CVE-2020-29259
MISC

openldap — openldap
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.
2020-12-08
5
CVE-2020-25692
CONFIRM

openssl — openssl
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL’s s_server, s_client and verify tools have support for the “-crl_download” option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL’s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
2020-12-08
5
CVE-2020-1971
CONFIRM
CONFIRM
FREEBSD
DEBIAN
CONFIRM

openstack — horizon
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the “next” parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.
2020-12-04
5.8
CVE-2020-29565
MLIST
MISC
MISC
MISC
CONFIRM

os4ed — opensis
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.
2020-12-04
4.3
CVE-2020-27409
MISC
MISC
MISC

os4ed — opensis
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
2020-12-04
5
CVE-2020-27408
MISC
MISC

plummac — ik-401_firmware
An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single unauthenticated GET request.
2020-12-08
5
CVE-2020-28946
MISC
MISC

processmaker — processmaker
SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.
2020-12-10
6.5
CVE-2020-13526
MISC

pytest — py
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
2020-12-09
5
CVE-2020-29651
MISC
MISC
MISC

qnap — multimedia_console
This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later.
2020-12-10
4.3
CVE-2020-2493
CONFIRM

qnap — music_station
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later
2020-12-10
4.3
CVE-2020-2494
CONFIRM

qnap — photo_station
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later
2020-12-10
4.3
CVE-2020-2491
CONFIRM

qnap — quts_hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later
2020-12-10
4.3
CVE-2020-2496
CONFIRM

qnap — quts_hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later
2020-12-10
4.3
CVE-2020-2497
CONFIRM

qnap — quts_hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later
2020-12-10
4.3
CVE-2020-2498
CONFIRM

react-adal_project — react-adal
This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL can cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is caused by how the nonce, session and refresh values are stored in the browser local storage or session storage. Each key is automatically appended by ||. When the received nonce and session keys are generated, the list of values is stored in the browser storage, separated by ||, with || always appended to the end of the list. Since || will always be the last 2 characters of the stored values, an empty string (“”) will always be in the list of the valid values. Therefore, if an empty session parameter is provided in the callback URL, and a specially-crafted JWT token contains an nonce value of “” (empty string), then adal.js will consider the JWT token as authentic.
2020-12-09
5
CVE-2020-7787
MISC
MISC

sap — businessobjects_business_intelligence_platform
SAP BusinessObjects BI Platform (Crystal Report), versions – 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).
2020-12-09
5.5
CVE-2020-26831
MISC
MISC

sap — disclosure_management
SAP Disclosure Management, version – 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload (script) on target machine could be used to steal and modify the data available in the spreadsheet
2020-12-09
5.5
CVE-2020-26828
MISC
MISC

sap — hana_database
SAP HANA Database, version – 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.
2020-12-09
5.5
CVE-2020-26834
MISC
MISC

sap — netweaver_as_abap
SAP NetWeaver AS ABAP, versions – 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.
2020-12-09
4.3
CVE-2020-26835
MISC
MISC

sap — solution_manager
SAP Solution Manager 7.2 (User Experience Monitoring), version – 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable.
2020-12-09
6.5
CVE-2020-26837
MISC
MISC

sap — solution_manager
SAP Solution Manager 7.2 (User Experience Monitoring), version – 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to Change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, Deploy a malicious User Experience Monitoring script.
2020-12-09
5.5
CVE-2020-26830
MISC
MISC

sap — solution_manager
SAP Solution Manager (Trace Analysis), version – 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.
2020-12-09
5.8
CVE-2020-26836
MISC
MISC

seeddms — seeddms
Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php.
2020-12-07
4.3
CVE-2020-28727
MISC
CONFIRM
MISC

snapcraft_project — snapcraft
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.
2020-12-04
4.4
CVE-2020-27348
MISC
MISC
MISC

systransoft — pure_neural_server
API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount of translation requests to a destination host on any given TCP port regardless of whether a web service is running on the destination port.
2020-12-08
5
CVE-2020-29540
MISC
MISC

txjia — imcat
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.
2020-12-09
6.5
CVE-2020-23520
MISC

zx2c4 — password-store
pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members’ machines, and also controls one of the services already in the password store, they can rename one of the password files in the Git repository to something else: pass doesn’t correctly verify that the content of a file matches the filename, so a user might be tricked into decrypting the wrong password and sending that to a service that the attacker controls. NOTE: for environments in which this threat model is of concern, signing commits can be a solution.
2020-12-09
5
CVE-2020-28086
MISC

Low Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

adobe — lightroom
Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2020-12-11
3.7
CVE-2020-24447
CONFIRM

adobe — prelude
Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2020-12-11
3.7
CVE-2020-24440
CONFIRM

apache — groovy
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy’s implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
2020-12-07
2.1
CVE-2020-17521
CONFIRM
MLIST

apereo — opencast
Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast’s HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. This problem is fixed in Opencast 7.9 and Opencast 8.8 Please be aware that fixing the problem means that Opencast will not simply accept any self-signed certificates any longer without properly importing them. If you need those, please make sure to import them into the Java key store. Better yet, get a valid certificate.
2020-12-08
2.1
CVE-2020-26234
MISC
CONFIRM

apple — icloud
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files.
2020-12-08
2.1
CVE-2020-10002
MISC
MISC
MISC
MISC
MISC
MISC

apple — ipad_os
The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.
2020-12-08
2.1
CVE-2020-9989
MISC
MISC
MISC

apple — ipad_os
The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.
2020-12-08
2.1
CVE-2020-9988
MISC
MISC

apple — ipad_os
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information.
2020-12-08
1.9
CVE-2020-9969
MISC
MISC
MISC
MISC

apple — ipados
An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication.
2020-12-08
2.1
CVE-2020-27902
MISC

apple — ipados
An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously without indication they have answered a second call.
2020-12-08
1.9
CVE-2020-27925
MISC

apple — mac_os_x
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.
2020-12-08
2.1
CVE-2020-10007
MISC

arachnys — cabot
Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column.
2020-12-04
3.5
CVE-2020-25449
MISC
MISC
MISC
MISC

c2fo — fast-csv
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using ignoreEmpty option when parsing. This has been patched in `v4.3.6` You will only be affected by this if you use the `ignoreEmpty` parsing option. If you do use this option it is recommended that you upgrade to the latest version `v4.3.6` This vulnerability was found using a CodeQL query which identified `EMPTY_ROW_REGEXP` regular expression as vulnerable.
2020-12-08
3.5
CVE-2020-26256
MISC
MISC
CONFIRM
MISC
MISC
MISC

canonical — ubuntu_linux
Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.
2020-12-09
2.1
CVE-2020-27349
MISC
MISC

canonical — ubuntu_linux
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.
2020-12-04
2.1
CVE-2020-16123
UBUNTU
UBUNTU

canonical — ubuntu_linux
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.
2020-12-09
2.1
CVE-2020-16128
MISC
MISC

ceph — ceph-ansible
Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecure default permissions, allowing any user to read the sensitive information within.
2020-12-08
2.1
CVE-2020-25677
CONFIRM
CONFIRM

cogboard — red-dashboard
Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserver front-end code. By abusing this exploit, it’s possible to perform destructive actions and/or access sensitive information. This high severity exploit has been fixed on version 0.1.7a. There are no workarounds, bot owners must upgrade their relevant packages (Dashboard module and Dashboard webserver) in order to patch this issue.
2020-12-09
3.5
CVE-2020-26249
MISC
MISC
CONFIRM
MISC

gitlab — gitlab
A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project
2020-12-10
3.5
CVE-2020-26407
CONFIRM
MISC
MISC

igniterealtime — openfire
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.
2020-12-11
3.5
CVE-2020-35127
MISC

jupyterhub — systemdspawner
jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15
2020-12-09
3.3
CVE-2020-26261
MISC
MISC
CONFIRM
MISC

kubernetes — kubernetes
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.
2020-12-07
2.1
CVE-2020-8565
CONFIRM
MLIST

kubernetes — kubernetes
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
2020-12-07
2.1
CVE-2020-8564
CONFIRM
MLIST

kubernetes — kubernetes
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager’s log. This affects < v1.19.3.
2020-12-07
2.1
CVE-2020-8563
CONFIRM
MLIST

kubernetes — kubernetes
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager’s logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.
2020-12-07
2.1
CVE-2020-8566
CONFIRM
MLIST

microsoft — 365_apps
, aka ‘Microsoft Excel Information Disclosure Vulnerability’.
2020-12-10
2.1
CVE-2020-17126
MISC

microsoft — dynamics_365
, aka ‘Dynamics CRM Webclient Cross-site Scripting Vulnerability’.
2020-12-10
3.5
CVE-2020-17147
MISC

microsoft — git_credential_manager_core
Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project’s GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the –recurse-submodules option.
2020-12-08
3.6
CVE-2020-26233
MISC
MISC
CONFIRM
MISC

microsoft — teams
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around October 2020.
2020-12-09
3.5
CVE-2020-10146
MISC

microsoft — windows_10
, aka ‘Windows Error Reporting Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-17138.
2020-12-10
2.1
CVE-2020-17094
MISC

microsoft — windows_10
, aka ‘Windows Error Reporting Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-17094.
2020-12-10
2.1
CVE-2020-17138
MISC

microsoft — windows_10
, aka ‘Windows GDI+ Information Disclosure Vulnerability’.
2020-12-10
2.1
CVE-2020-17098
MISC

nlnetlabs — name_server_daemon
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.
2020-12-07
2.1
CVE-2020-28935
CONFIRM
CONFIRM

paloaltonetworks — cortex_xdr_agent
An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software’s internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2.
2020-12-09
2.1
CVE-2020-2020
CONFIRM

phpldapadmin_project — phpldapadmin
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
2020-12-11
3.5
CVE-2020-35132
MISC
MISC
MISC
MISC

qemu — qemu
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.
2020-12-08
2.1
CVE-2020-27821
MISC

sap — netweaver_application_server_java
SAP AS JAVA (Key Storage Service), versions – 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access to the SAP NetWeaver AS Java to decode the keys because of missing encryption and get some application data and client credentials of adjacent systems. This highly impacts Confidentiality as information disclosed could contain client credentials of adjacent systems.
2020-12-09
2.7
CVE-2020-26816
MISC
MISC

student_management_system_project_in_php_project — student_management_system_project_in_php
SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the ‘add subject’ tab.
2020-12-08
3.5
CVE-2020-25955
MISC
FULLDISC
MISC
MISC

systransoft — pure_neural_server
A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 allows a threat actor to have a remote authenticated user run JavaScript from a malicious site.
2020-12-08
3.5
CVE-2020-29539
MISC
MISC

Severity Not Yet Assigned

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

adobe — adobe_experience_manager
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.
2020-12-10
not yet calculated
CVE-2020-24444
CONFIRM

adobe — adobe_experience_manager

AEM’s Cloud Service offering, as well as versions 6.5.6.0 (and below), 6.4.8.2 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
2020-12-10
not yet calculated
CVE-2020-24445
CONFIRM

apache — airflow

The “origin” parameter passed to some of the endpoints like ‘/trigger’ was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.
2020-12-11
not yet calculated
CVE-2020-17515
MLIST
MLIST
MLIST
MLIST
MISC
MLIST

apache — nuttx

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.
2020-12-09
not yet calculated
CVE-2020-17528
MLIST
MISC
MLIST

apache — nuttx

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.
2020-12-09
not yet calculated
CVE-2020-17529
MLIST
MISC
MLIST

apache — struts

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 – Struts 2.5.25.
2020-12-11
not yet calculated
CVE-2020-17530
JVN
CONFIRM

apt — apt

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;
2020-12-10
not yet calculated
CVE-2020-27350
CONFIRM
UBUNTU
DEBIAN

apt-python — apt-python

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;
2020-12-10
not yet calculated
CVE-2020-27351
CONFIRM
UBUNTU
DEBIAN

artifex_software — mupdf_library

A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander – a static – to point to previously freed memory instead of a newband_writer.
2020-12-09
not yet calculated
CVE-2020-16600
MISC
MISC

aruba_networks — multiple_products
An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
2020-12-11
not yet calculated
CVE-2020-24634
CONFIRM

aruba_networks — multiple_products

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
2020-12-11
not yet calculated
CVE-2020-24633
CONFIRM

aruba_networks — multiple_products

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
2020-12-11
not yet calculated
CVE-2020-24637
CONFIRM

askey — ap5100w_d171_devices

Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
2020-12-10
not yet calculated
CVE-2020-26201
MISC
CONFIRM

askey — ap5100w_d171_devices

Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi=Fi network.
2020-12-11
not yet calculated
CVE-2020-15023
CONFIRM
MISC

askey — ap5100w_d171_devices

Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.
2020-12-11
not yet calculated
CVE-2020-15357
MISC
MISC

awstats — awstats

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
2020-12-12
not yet calculated
CVE-2020-35176
MISC

broadcom — symantec_messaging_gateway
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.
2020-12-10
not yet calculated
CVE-2020-12594
CONFIRM

broadcom — symantec_messaging_gateway

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.
2020-12-10
not yet calculated
CVE-2020-12595
CONFIRM

brocade — fabric_os

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with “user” privileges if it is not associated with any groups.
2020-12-11
not yet calculated
CVE-2020-15376
CONFIRM

brocade — fabric_os

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.
2020-12-11
not yet calculated
CVE-2020-15375
CONFIRM

contiki — contiki
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.
2020-12-11
not yet calculated
CVE-2020-13988
MISC
MISC

contiki — contiki
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
2020-12-11
not yet calculated
CVE-2020-13987
MISC
MISC

contiki — contiki
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
2020-12-11
not yet calculated
CVE-2020-17437
MISC
MISC

contiki — contiki
An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.
2020-12-11
not yet calculated
CVE-2020-13986
MISC
MISC

contiki — contiki
An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.
2020-12-11
not yet calculated
CVE-2020-13985
MISC
MISC

contiki — contiki
An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.
2020-12-11
not yet calculated
CVE-2020-13984
MISC
MISC

contiki — contiki

An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.
2020-12-11
not yet calculated
CVE-2020-25111
MISC
MISC

contiki — contiki

An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.
2020-12-11
not yet calculated
CVE-2020-25112
MISC
MISC

contiki — contiki_and_contiki-ng

An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn’t verify whether the address in the answer’s length is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. This bug can be exploited whenever NAT64 is enabled.
2020-12-11
not yet calculated
CVE-2020-24336
MISC
MISC

corenlp-js-interface — corenlp-js-interface
All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function.
2020-12-11
not yet calculated
CVE-2020-28440
CONFIRM

corenlp-js-prefab — corenlp-js-prefab

This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in ‘index.js.’ It depends on a vulnerable package ‘corenlp-js-interface.’ Vulnerability can be exploited with the following PoC:
2020-12-11
not yet calculated
CVE-2020-28439
CONFIRM

dupscout — dupscout_enterprise
A buffer overflow in the web server of Flexense DupScout Enterprise 10.0.18 allows a remote anonymous attacker to execute code as SYSTEM by overflowing the sid parameter via a GET /settings&sid= attack.
2020-12-09
not yet calculated
CVE-2020-29659
MISC
MISC

eip_stack_group — opener
An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
2020-12-11
not yet calculated
CVE-2020-13556
CONFIRM

eip_stack_group — opener
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.
2020-12-11
not yet calculated
CVE-2020-13530
CONFIRM

f5 — big-ip
On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
2020-12-11
not yet calculated
CVE-2020-5950
CONFIRM

f5 — big-ip
On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.
2020-12-11
not yet calculated
CVE-2020-5949
CONFIRM

f5 — big-ip

On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
2020-12-11
not yet calculated
CVE-2020-5948
CONFIRM

f5 — big-ip_afm

In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory.
2020-12-11
not yet calculated
CVE-2020-27713
CONFIRM

fastadmin — fastadmin

The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.
2020-12-10
not yet calculated
CVE-2020-25967
MISC

fnet — fnet
An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn’t check for ” termination. Therefore, the deduced length of the hostname doesn’t reflect the correct length of the actual data. This may lead to Information Disclosure in _fnet_llmnr_poll in fnet_llmnr.c during a response to a malicious request of the DNS class IN.
2020-12-11
not yet calculated
CVE-2020-17467
CONFIRM
MISC
MISC

fnet — fnet

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.
2020-12-11
not yet calculated
CVE-2020-17470
CONFIRM
MISC
MISC

fnet — fnet

An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn’t check for proper ” termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service.
2020-12-11
not yet calculated
CVE-2020-24383
MISC
MISC

fnet — fnet

An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn’t have a reference to the previous one (which supposedly resides in the reassembly list). When faced with an incoming fragment that belongs to a non-empty fragment list, IPv6 reassembly must check that there are no empty holes between the fragments: this leads to an uninitialized pointer dereference in _fnet_ip6_reassembly in fnet_ip6.c, and causes Denial-of-Service.
2020-12-11
not yet calculated
CVE-2020-17469
CONFIRM
MISC
MISC

fnet — fnet

An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn’t check for a valid length of an extension header, and therefore an out-of-bounds read can occur in _fnet_ip6_ext_header_handler_options in fnet_ip6.c, leading to Denial-of-Service.
2020-12-11
not yet calculated
CVE-2020-17468
CONFIRM
MISC
MISC

frappe — framework

Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.
2020-12-11
not yet calculated
CVE-2020-35175
MISC
MISC

frappe — frappe

In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.
2020-12-11
not yet calculated
CVE-2020-27508
MISC
MISC

gerrit — gerrit
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users’ personal information associated with their accounts.
2020-12-10
not yet calculated
CVE-2020-8920
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

gerrit — gerrit
An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user’s personal account data as well as sub-trees with restricted access.
2020-12-10
not yet calculated
CVE-2020-8919
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

geth — geth

Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.
2020-12-11
not yet calculated
CVE-2020-26264
MISC
MISC
MISC
CONFIRM

geth — geth

Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made — all users are recommended to upgrade to a newer version.
2020-12-11
not yet calculated
CVE-2020-26265
MISC
CONFIRM

gitlab — gitlab

A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.
2020-12-11
not yet calculated
CVE-2020-26411
CONFIRM
MISC

gitlab — gitlab

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
2020-12-11
not yet calculated
CVE-2020-26415
CONFIRM
MISC

gitlab — gitlab_community_and_enterprise_editions
An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.
2020-12-11
not yet calculated
CVE-2020-13357
CONFIRM
MISC
MISC

gitlab — gitlab_community_and_enterprise_editions

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
2020-12-11
not yet calculated
CVE-2020-26413
CONFIRM
MISC
MISC

gitlab — gitlab_community_and_enterprise_editions

A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.
2020-12-11
not yet calculated
CVE-2020-26409
CONFIRM
MISC
MISC

gitlab — gitlab_community_and_enterprise_editions

A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user’s private profile
2020-12-11
not yet calculated
CVE-2020-26408
CONFIRM
MISC
MISC

gitlab — gitlab_community_and_enterprise_editions

Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7.
2020-12-11
not yet calculated
CVE-2020-26417
CONFIRM
MISC

gitlab — gitlab_enterprise_edition

Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.
2020-12-11
not yet calculated
CVE-2020-26412
CONFIRM
MISC

gitlab — gitlab_enterprise_edition

Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
2020-12-11
not yet calculated
CVE-2020-26416
CONFIRM
MISC

guava — guava

A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.
2020-12-10
not yet calculated
CVE-2020-8908
CONFIRM
CONFIRM
MISC

i18n — i18n

This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.
2020-12-11
not yet calculated
CVE-2020-7791
MISC
MISC
MISC

ibm — resilient_soar

IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation.
2020-12-11
not yet calculated
CVE-2020-4633
XF
CONFIRM

ignite_realtime — openfire
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
2020-12-12
not yet calculated
CVE-2020-35199
MISC

ignite_realtime — openfire
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
2020-12-12
not yet calculated
CVE-2020-35201
MISC

ignite_realtime — openfire
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
2020-12-12
not yet calculated
CVE-2020-35202
MISC

ignite_realtime — openfire
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
2020-12-12
not yet calculated
CVE-2020-35200
MISC

ini — ini

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
2020-12-11
not yet calculated
CVE-2020-7788
MISC
MISC

jasper — jpc_encoder
There’s a flaw in jasper’s jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
2020-12-11
not yet calculated
CVE-2020-27828
MISC
MISC

kapacitor — kapacitor

Versions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.
2020-12-11
not yet calculated
CVE-2020-29589
MISC
MISC
MISC
MISC
MISC

lan_atmservice_m3_atm_monitoring_system
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.
2020-12-10
not yet calculated
CVE-2020-29667
MISC
MISC

lan_atmservice_m3_atm_monitoring_system

In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user’s cookie values and the predefined developer’s cookie value.
2020-12-10
not yet calculated
CVE-2020-29666
MISC
MISC

linux — linux_kernel

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running in parallel on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.
2020-12-11
not yet calculated
CVE-2020-27825
MISC

linux — linux_kernel

A flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.
2020-12-11
not yet calculated
CVE-2020-27786
MISC
MISC

macrium_reflect — macrium_reflect

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:openssl. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
2020-12-09
not yet calculated
CVE-2020-10143
MISC

mcafee — database_security_server_and_sensor
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.
2020-12-10
not yet calculated
CVE-2020-7339
MISC

micro_focus — filr

Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.
2020-12-11
not yet calculated
CVE-2020-25838
CONFIRM

microsoft — edge_(edgehtml-based)_and_chakracore
, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’.
2020-12-10
not yet calculated
CVE-2020-17131
MISC

mout — mout

This affects all versions of package mout. The deepFillIn function can be used to ‘fill missing properties recursively’, while the deepMixIn ‘mixes objects into the target object, recursively mixing existing child objects as well’. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution.
2020-12-11
not yet calculated
CVE-2020-7792
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

mquery — mquery
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation.
2020-12-11
not yet calculated
CVE-2020-35149
MISC

national_instruments_corp — compactrio
Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely.
2020-12-11
not yet calculated
CVE-2020-25191
MISC

netflix — spinnaker

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests.
2020-12-11
not yet calculated
CVE-2020-9301
CONFIRM

nginx — controller_agent
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
2020-12-11
not yet calculated
CVE-2020-27730
CONFIRM

node-notifier — node-notifier

This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
2020-12-11
not yet calculated
CVE-2020-7789
MISC
MISC
MISC

nut — nut
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has ” termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
2020-12-11
not yet calculated
CVE-2020-25107
MISC
MISC

nut — nut
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked (it can be set to an arbitrary value from a packet). This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
2020-12-11
not yet calculated
CVE-2020-25108
MISC
MISC

nut — nut

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
2020-12-11
not yet calculated
CVE-2020-25110
MISC
MISC

nut — nut

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses (set in a DNS header) is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
2020-12-11
not yet calculated
CVE-2020-25109
MISC
MISC

opencart — opencart_cms

Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.
2020-12-11
not yet calculated
CVE-2020-28838
MISC
MISC

palo_alto_networks — cortex_xdr_agent

A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions.
2020-12-09
not yet calculated
CVE-2020-2049
CONFIRM

phpoffice — phpspreadsheet

This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of link and this is returned as HTML. A fix for this issue is available on commit 0ed5b800be2136bcb8fa9c1bdf59abc957a98845/master branch.
2020-12-09
not yet calculated
CVE-2020-7776
MISC
MISC
MISC

phpshe — phpshe

PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.
2020-12-11
not yet calculated
CVE-2020-19165
MISC

picotcp — picotcp
An issue was discovered in picoTCP 1.7.0. The code for creating an ICMPv6 echo replies doesn’t check whether the ICMPv6 echo request packet’s size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6 echo replies has an integer wrap around, leading to memory corruption and, eventually, Denial-of-Service in pico_icmp6_send_echoreply_not_frag in pico_icmp6.c.
2020-12-11
not yet calculated
CVE-2020-17443
MISC
MISC

picotcp — picotcp

An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).
2020-12-11
not yet calculated
CVE-2020-17441
MISC
MISC

picotcp — picotcp

An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 destination options does not check for a valid length of the destination options header. This results in an Out-of-Bounds Read, and, depending on the memory protection mechanism, this may result in Denial-of-Service in pico_ipv6_process_destopt() in pico_ipv6.c.
2020-12-11
not yet calculated
CVE-2020-17445
MISC
MISC

picotcp — picotcp

An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field (and deducing whether the IPv6 extension headers are valid) doesn’t check whether the header extension length field would overflow. Therefore, if it wraps around to zero, iterating through the extension headers will not increment the current data pointer. This leads to an infinite loop and Denial-of-Service in pico_ipv6_check_headers_sequence() in pico_ipv6.c.
2020-12-11
not yet calculated
CVE-2020-17444
MISC
MISC

picotcp — picotcp

An issue was discovered in picoTCP 1.7.0. The code for parsing the hop-by-hop IPv6 extension headers does not validate the bounds of the extension header length value, which may result in Integer Wraparound. Therefore, a crafted extension header length value may cause Denial-of-Service because it affects the loop in which the extension headers are parsed in pico_ipv6_process_hopbyhop() in pico_ipv6.c.
2020-12-11
not yet calculated
CVE-2020-17442
MISC
MISC

picotcp — picotcp_and_picotcp-ng
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c.
2020-12-11
not yet calculated
CVE-2020-24337
MISC
MISC

picotcp — picotcp_and_picotcp-ng
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service.
2020-12-11
not yet calculated
CVE-2020-24339
MISC
MISC

picotcp — picotcp_and_picotcp-ng
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service.
2020-12-11
not yet calculated
CVE-2020-24340
MISC
MISC

picotcp — picotcp_and_picotcp-ng

An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writes that lead to Denial-of-Service and Remote Code Execution.
2020-12-11
not yet calculated
CVE-2020-24338
MISC
MISC

picotcp — picotcp_and_picotcp-ng

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak.
2020-12-11
not yet calculated
CVE-2020-24341
MISC
MISC

pixar — openusd
An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
2020-12-11
not yet calculated
CVE-2020-13520
MISC

qnap — qts_and _quts_hero

This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later
2020-12-10
not yet calculated
CVE-2019-7198
CONFIRM

registry — registry

Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
2020-12-11
not yet calculated
CVE-2020-29591
MISC
MISC
MISC
MISC
MISC

sap — netweaver_as_java

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions – 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.
2020-12-09
not yet calculated
CVE-2020-26826
MISC
MISC

schneider_electric — easergy_t300_devices

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.
2020-12-11
not yet calculated
CVE-2020-28216
MISC
CONFIRM

schneider_electric — easergy_t300_devices

A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently.
2020-12-11
not yet calculated
CVE-2020-28215
MISC
CONFIRM

schneider_electric — easergy_t300_devices

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.
2020-12-11
not yet calculated
CVE-2020-28218
MISC
CONFIRM

schneider_electric — ecostruxure_control_expert_and_unity_pro

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.
2020-12-11
not yet calculated
CVE-2020-7560
CONFIRM

schneider_electric — ecostruxure_geo_scada_expert_2019

A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX.
2020-12-11
not yet calculated
CVE-2020-28219
CONFIRM

schneider_electric — modicon_m221_devices

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.
2020-12-11
not yet calculated
CVE-2020-28214
MISC
CONFIRM

schneider_electric — modicon_m258_devices

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.
2020-12-11
not yet calculated
CVE-2020-28220
CONFIRM

schneider_electric — modicon_m340_devices
A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.
2020-12-11
not yet calculated
CVE-2020-7536
CONFIRM

schneider_electric — modicon_m340_devices
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’ Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.
2020-12-11
not yet calculated
CVE-2020-7535
CONFIRM

schneider_electric — multiple_devices
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
2020-12-11
not yet calculated
CVE-2020-7537
CONFIRM

schneider_electric — multiple_devices

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.
2020-12-11
not yet calculated
CVE-2020-7549
CONFIRM

schneider_electric — multiple_devices

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
2020-12-11
not yet calculated
CVE-2020-7543
CONFIRM

schneider_electric — multiple_devices

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
2020-12-11
not yet calculated
CVE-2020-7542
CONFIRM

schneider_electric — multiple_devices

A CWE-425: Direct Request (‘Forced Browsing’) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.
2020-12-11
not yet calculated
CVE-2020-7541
CONFIRM

schneider_electric — multiple_devices

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.
2020-12-11
not yet calculated
CVE-2020-7540
CONFIRM

schneider_electric — multiple_devices

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.
2020-12-11
not yet calculated
CVE-2020-7539
CONFIRM

silver_peak — ecos

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all current ECOS versions: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
2020-12-11
not yet calculated
CVE-2020-12148
MISC

silver_peak — ecos

The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects ll current ECOS versions: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
2020-12-11
not yet calculated
CVE-2020-12149
MISC

smartystreets — smartystreets

A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country).
2020-12-11
not yet calculated
CVE-2020-29455
MISC
MISC
MISC

sophos — cyberoam_os
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
2020-12-11
not yet calculated
CVE-2020-29574
MISC
MISC

spatie — browsershot

This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.
2020-12-11
not yet calculated
CVE-2020-7790
MISC
MISC

sympa — sympa
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
2020-12-10
not yet calculated
CVE-2020-29668
MISC
MISC
MISC
MISC

teamspeak — teamspeak

Versions of the Official teamspeak Docker images through 3.6.0 contain a blank password for the root user. Systems deployed using affected versions of the teamspeak container may allow a remote attacker to achieve root access with a blank password.
2020-12-11
not yet calculated
CVE-2020-29590
MISC
MISC
MISC
MISC

tensorflow — tensorflow
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
2020-12-10
not yet calculated
CVE-2020-26268
MISC
CONFIRM

tensorflow — tensorflow

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
2020-12-10
not yet calculated
CVE-2020-26266
MISC
CONFIRM

tensorflow — tensorflow

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
2020-12-10
not yet calculated
CVE-2020-26267
MISC
CONFIRM

tensorflow — tensorflow

In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel implementation of GetMatchingPaths but are not verified by the PRs introducing it (#40861 and #44310). Thus, we are completely rewriting the implementation to fully specify and validate these. This is patched in version 2.4.0. This issue only impacts master branch and the release candidates for TF version 2.4. The final release of the 2.4 release will be patched.
2020-12-10
not yet calculated
CVE-2020-26269
MISC
CONFIRM

tensorflow — tensorflow

In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
2020-12-10
not yet calculated
CVE-2020-26271
MISC
CONFIRM

tensorflow — tensorflow

In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
2020-12-10
not yet calculated
CVE-2020-26270
MISC
CONFIRM

tikiwiki — tikiwiki

TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited.
2020-12-11
not yet calculated
CVE-2020-29254
MISC
MISC
MISC

totolink — a3002ru_routers

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system’s ‘Run Command’. An attacker can use this functionality to execute arbitrary OS commands on the router.
2020-12-09
not yet calculated
CVE-2020-25499
MISC
CONFIRM

ua-parser-js — ua-parser-js

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
2020-12-11
not yet calculated
CVE-2020-7793
MISC
MISC
MISC
MISC

uip — uip
The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c.
2020-12-11
not yet calculated
CVE-2020-24334
MISC
MISC

uip — uip
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.
2020-12-11
not yet calculated
CVE-2020-17438
MISC
MISC

uip — uip

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing DNS query with a transaction ID that matches the transaction ID of an incoming reply. Provided that the default DNS cache is quite small (only four records) and that the transaction ID has a very limited set of values that is quite easy to guess, this can lead to DNS cache poisoning.
2020-12-11
not yet calculated
CVE-2020-17439
MISC
MISC

uip — uip

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have ” termination. This results in errors when calculating the offset of the pointer that jumps over domain name bytes in DNS response packets when a name lacks this termination, and eventually leads to dereferencing the pointer at an invalid/arbitrary address, within newdata() and parse_name() in resolv.c.
2020-12-11
not yet calculated
CVE-2020-17440
MISC
MISC

wago — 750-88x_and_750-352_plc_devices
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
2020-12-10
not yet calculated
CVE-2020-12516
CONFIRM

wecon — levistudiou

A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
2020-12-09
not yet calculated
CVE-2020-25199
MISC

western_digital — dashboard

Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.
2020-12-12
not yet calculated
CVE-2020-29654
CONFIRM

western_digital — my_cloud_os

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.
2020-12-12
not yet calculated
CVE-2020-29563
CONFIRM

wireshark — wireshark

Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
2020-12-11
not yet calculated
CVE-2020-26420
CONFIRM
MISC
MISC

wireshark — wireshark

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
2020-12-11
not yet calculated
CVE-2020-26421
CONFIRM
MISC
MISC

wireshark — wireshark

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
2020-12-11
not yet calculated
CVE-2020-26419
CONFIRM
MISC
MISC

wireshark — wireshark

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
2020-12-11
not yet calculated
CVE-2020-26418
CONFIRM
MISC
MISC

This product is provided subject to this Notification and this Privacy & Use policy.Original release date: December 14, 2020

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
acdsee — photo_studio_2021	PlugInsIDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa.	2020-12-07	7.5	CVE-2020-29595 MISC
anydesk — anydesk	AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation.	2020-12-09	7.2	CVE-2020-27614 MISC MISC
apache — storm_docker	The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.	2020-12-08	10	CVE-2020-29580 MISC
apache — tapestry	A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the “sp” parameter even before invoking the page’s validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.	2020-12-08	7.5	CVE-2020-17531 MISC MLIST
apple — icloud	A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution.	2020-12-08	9.3	CVE-2020-9981 MISC MISC MISC MISC MISC MISC
apple — icloud	A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.	2020-12-08	9.3	CVE-2020-27932 MISC MISC MISC MISC MISC MISC MISC MISC
apple — icloud	A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to code execution.	2020-12-08	9.3	CVE-2020-27917 MISC MISC MISC MISC MISC MISC
apple — icloud	An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.	2020-12-08	9.3	CVE-2020-27912 MISC MISC MISC MISC MISC MISC
apple — icloud	An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.	2020-12-08	9.3	CVE-2020-27911 MISC MISC MISC MISC MISC MISC
apple — ipados	An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.	2020-12-08	9.3	CVE-2020-27909 MISC MISC MISC
apple — ipados	A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.	2020-12-08	9.3	CVE-2020-10013 MISC MISC
apple — ipados	A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges.	2020-12-08	9.3	CVE-2020-10016 MISC MISC MISC MISC
apple — ipados	A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.	2020-12-08	9.3	CVE-2020-27926 MISC
apple — ipados	A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges.	2020-12-08	9.3	CVE-2020-27905 MISC MISC MISC
apple — ipados	An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.	2020-12-08	9.3	CVE-2020-27910 MISC MISC MISC MISC
apple — ipados	An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.	2020-12-08	9.3	CVE-2020-27916 MISC MISC MISC MISC
apple — ipados	A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges.	2020-12-08	9.3	CVE-2020-9949 MISC MISC MISC MISC MISC
apple — ipados	An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.	2020-12-08	9.3	CVE-2020-9965 MISC MISC MISC MISC
apple — ipados	A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.	2020-12-08	7.1	CVE-2020-27950 MISC MISC MISC MISC MISC MISC MISC MISC
apple — macos	A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.	2020-12-08	9.3	CVE-2020-27904 MISC
apple — macos	This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to gain elevated privileges.	2020-12-08	9.3	CVE-2020-27903 MISC
apple — macos	Multiple integer overflows were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to cause unexpected application termination or heap corruption.	2020-12-08	9.3	CVE-2020-27906 MISC
awstats — awstats	In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.	2020-12-07	7.5	CVE-2020-29600 MISC MISC
cisco — jabber	Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.	2020-12-11	9	CVE-2020-27134 CISCO
cisco — jabber	Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.	2020-12-11	9	CVE-2020-27133 CISCO
cisco — jabber	Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.	2020-12-11	9	CVE-2020-27132 CISCO
cisco — jabber	Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.	2020-12-11	9	CVE-2020-27127 CISCO
deepref_project — deepref	Prototype pollution vulnerability in ‘deepref’ versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution.	2020-12-08	7.5	CVE-2020-28274 CONFIRM
docker — notary_docker_image	The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.	2020-12-08	10	CVE-2020-29601 MISC
druva — insync	inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions.	2020-12-07	7.2	CVE-2020-5798 MISC MISC
eat_spray_love_project — eat_spray_love	The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users’ data.	2020-12-07	7.5	CVE-2020-5799 MISC
eat_spray_love_project — eat_spray_love	The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to.	2020-12-07	7.5	CVE-2020-5800 MISC
eggheads — eggdrop_docker	The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.	2020-12-08	10	CVE-2020-29576 MISC
elixir-lang — docker_image	The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.	2020-12-08	10	CVE-2020-29575 MISC
express-gateway — express-gateway_docker	The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.	2020-12-08	10	CVE-2020-29579 MISC
hashicorp — consul	The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. System using the Consul Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.	2020-12-08	10	CVE-2020-29564 MISC
ibm — aix	IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.	2020-12-10	7.2	CVE-2020-4829 XF CONFIRM
idreamsoft — icms	iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.	2020-12-10	10	CVE-2020-19142 MISC
idreamsoft — icms	iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.	2020-12-10	10	CVE-2020-19527 MISC
imagemagick — imagemagick	ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.	2020-12-07	7.5	CVE-2020-29599 MISC MISC
incomcms_project — incomcms	IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.	2020-12-07	7.5	CVE-2020-29597 MISC MISC
irssi — docker_image	The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the irssi docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.	2020-12-08	10	CVE-2020-29602 MISC
katacontainers — kata_containers	An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary binaries as root on the worker nodes.	2020-12-07	9	CVE-2020-27151 MISC MISC MISC MISC
linux — linux_kernel	A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.	2020-12-09	7.2	CVE-2020-29660 MLIST MISC
linux — linux_kernel	A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.	2020-12-09	7.2	CVE-2020-29661 MLIST MISC
matomo — docker	The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.	2020-12-08	10	CVE-2020-29578 MISC
microsoft — 365_apps	, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.	2020-12-10	9.3	CVE-2020-17125 MISC MISC
microsoft — 365_apps	, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17129.	2020-12-10	9.3	CVE-2020-17128 MISC MISC
microsoft — 365_apps	, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128.	2020-12-10	9.3	CVE-2020-17129 MISC
microsoft — 365_apps	, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17122, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.	2020-12-10	9.3	CVE-2020-17123 MISC
microsoft — 365_apps	, aka ‘Microsoft PowerPoint Remote Code Execution Vulnerability’.	2020-12-10	9.3	CVE-2020-17124 MISC
microsoft — c_sdk_for_azure_iot	, aka ‘Azure SDK for C Security Feature Bypass Vulnerability’.	2020-12-10	9.4	CVE-2020-17002 MISC
microsoft — excel	, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17128, CVE-2020-17129.	2020-12-10	9.3	CVE-2020-17127 MISC
microsoft — exchange_server	, aka ‘Microsoft Exchange Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.	2020-12-10	9	CVE-2020-17117 MISC
microsoft — office	, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.	2020-12-10	9.3	CVE-2020-17122 MISC
microsoft — sharepoint_foundation	, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17121.	2020-12-10	10	CVE-2020-17118 MISC
microsoft — windows_10	, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963.	2020-12-10	7.2	CVE-2020-16964 MISC
microsoft — windows_10	, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’.	2020-12-10	7.2	CVE-2020-17092 MISC
microsoft — windows_10	, aka ‘Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-17134, CVE-2020-17136.	2020-12-10	7.2	CVE-2020-17103 MISC
microsoft — windows_10	, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964.	2020-12-10	7.2	CVE-2020-16963 MISC
microsoft — windows_10	, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.	2020-12-10	7.2	CVE-2020-16958 MISC
microsoft — windows_10	, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16958, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.	2020-12-10	7.2	CVE-2020-16959 MISC
microsoft — windows_10	, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.	2020-12-10	7.2	CVE-2020-16961 MISC
microsoft — windows_10	, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16963, CVE-2020-16964.	2020-12-10	7.2	CVE-2020-16962 MISC
microsoft — windows_10	, aka ‘Hyper-V Remote Code Execution Vulnerability’.	2020-12-10	9	CVE-2020-17095 MISC
microsoft — windows_10	, aka ‘Windows NTFS Remote Code Execution Vulnerability’.	2020-12-10	9	CVE-2020-17096 MISC
microsoft — windows_10	, aka ‘Windows Backup Engine Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.	2020-12-10	7.2	CVE-2020-16960 MISC
mozilla — firefox	Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83.	2020-12-09	9.3	CVE-2020-26969 MISC CONFIRM
mozilla — firefox	If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.	2020-12-09	9.3	CVE-2020-26960 MISC CONFIRM CONFIRM CONFIRM
mozilla — firefox	In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.	2020-12-09	9.3	CVE-2020-26950 MISC CONFIRM
mozilla — firefox	Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83.	2020-12-09	9.3	CVE-2020-26952 MISC CONFIRM
mozilla — firefox	Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.	2020-12-09	9.3	CVE-2020-26968 MISC CONFIRM CONFIRM CONFIRM
mozilla — thunderbird	When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.	2020-12-09	9.3	CVE-2020-26970 MISC CONFIRM
notable — notable	Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).	2020-12-10	9.3	CVE-2020-16608 MISC MISC
online_bus_booking_system_project_using_php/mysql_project — online_bus_booking_system_project_using_php/mysql	Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.	2020-12-08	7.5	CVE-2020-25889 MISC FULLDISC MISC MISC
redhat — wildfly	A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API’s java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.	2020-12-08	7.8	CVE-2020-27822 CONFIRM
sap — business_warehouse	SAP Business Warehouse, versions – 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions – 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.	2020-12-09	9	CVE-2020-26838 MISC MISC
sap — netweaver_application_server_java	SAP NetWeaver AS JAVA (P2P Cluster Communication), versions – 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely.	2020-12-09	9	CVE-2020-26829 MISC MISC
sap — netweaver_as_abap	SAP AS ABAP (SAP Landscape Transformation), versions – 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions – 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.	2020-12-09	7.5	CVE-2020-26832 MISC MISC
tarsnap — spiped_docker	The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.	2020-12-08	10	CVE-2020-29581 MISC
ubilling — ubilling	Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software.	2020-12-10	10	CVE-2020-29311 MISC MISC MISC
znc — znc_docker	The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.	2020-12-08	10	CVE-2020-29577 MISC

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
apache — apisix	In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.	2020-12-07	4	CVE-2020-13945 CONFIRM
apple — icloud	A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.	2020-12-08	6.8	CVE-2020-9947 MISC MISC MISC MISC MISC MISC
apple — icloud	A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.	2020-12-08	6.8	CVE-2020-27918 MISC MISC MISC MISC MISC MISC MISC
apple — icloud	This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.	2020-12-08	5	CVE-2020-9991 MISC MISC MISC MISC MISC
apple — ipad_os	An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.	2020-12-08	4.6	CVE-2020-10003 MISC MISC MISC MISC
apple — ipad_os	An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.	2020-12-08	6.8	CVE-2020-10017 MISC MISC MISC MISC
apple — ipad_os	A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user’s open tabs in Safari.	2020-12-08	4.3	CVE-2020-9977 MISC MISC
apple — ipad_os	A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.	2020-12-08	6.8	CVE-2020-10004 MISC MISC
apple — ipad_os	An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.	2020-12-08	6.8	CVE-2020-9966 MISC MISC MISC MISC
apple — ipad_os	A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.	2020-12-08	6.8	CVE-2020-9996 MISC MISC
apple — ipad_os	A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout.	2020-12-08	4.3	CVE-2020-9974 MISC MISC MISC MISC
apple — ipad_os	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.	2020-12-08	6.8	CVE-2020-9972 MISC
apple — ipados	A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.	2020-12-08	6.8	CVE-2020-27930 MISC MISC MISC MISC MISC MISC MISC MISC
apple — ipados	A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.	2020-12-08	4.6	CVE-2020-10010 MISC MISC MISC MISC
apple — ipados	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Playing a malicious audio file may lead to arbitrary code execution.	2020-12-08	6.8	CVE-2020-9954 MISC MISC MISC MISC
apple — ipados	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted font file may lead to arbitrary code execution.	2020-12-08	6.8	CVE-2020-27927 MISC MISC MISC MISC
apple — ipados	An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.	2020-12-08	6.8	CVE-2020-10011 MISC MISC
apple — ipados	The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer.	2020-12-08	4.3	CVE-2020-9963 MISC MISC
apple — ipados	An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory.	2020-12-08	4.3	CVE-2020-9944 MISC MISC MISC MISC
apple — ipados	An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory.	2020-12-08	4.3	CVE-2020-9943 MISC MISC MISC MISC
apple — iphone_os	A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so.	2020-12-08	4.3	CVE-2020-27929 MISC
apple — itunes	An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.	2020-12-08	4.3	CVE-2020-9849 MISC MISC MISC MISC MISC MISC
apple — itunes	A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.	2020-12-08	6.8	CVE-2020-9999 MISC MISC
apple — itunes	An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs.	2020-12-08	4.3	CVE-2020-27895 MISC
apple — mac_os	The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from.	2020-12-08	4.3	CVE-2020-27894 MISC
apple — mac_os_x	A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files.	2020-12-08	4.3	CVE-2020-9922 MISC
apple — mac_os_x	A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.	2020-12-08	4.3	CVE-2020-10009 MISC
apple — mac_os_x	A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system.	2020-12-08	4.3	CVE-2020-27896 MISC
apple — mac_os_x	This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files.	2020-12-08	4.3	CVE-2020-10006 MISC
apple — macos	A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox.	2020-12-08	4.3	CVE-2020-10014 MISC
apple — macos	An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to preview files it does not have access to.	2020-12-08	4.3	CVE-2020-27900 MISC
apple — macos	An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting attack.	2020-12-08	4.3	CVE-2020-10012 MISC
apple — macos	A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1. An attacker may be able to bypass Managed Frame Protection.	2020-12-08	4.3	CVE-2020-27898 MISC
apple — safari	The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing.	2020-12-08	4.3	CVE-2020-9993 MISC MISC MISC
apple — safari	An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.	2020-12-08	4.3	CVE-2020-9942 MISC MISC
apple — safari	A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.	2020-12-08	4.3	CVE-2020-9945 MISC MISC
apple — safari	An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.	2020-12-08	4.3	CVE-2020-9987 MISC
apple — safari	A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.	2020-12-08	6.8	CVE-2020-9950 MISC MISC MISC MISC
asus — rt-ac88u_firmware	An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language makes it possible to reach “unknown functionality” in a “known to be easy” manner via an unspecified “public exploit.”	2020-12-09	5	CVE-2020-29656 MISC
asus — rt-ac88u_firmware	An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text injection.	2020-12-09	5	CVE-2020-29655 MISC
aswf — openexr	A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.	2020-12-09	4.3	CVE-2020-16587 MISC MISC
aswf — openexr	A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.	2020-12-09	4.3	CVE-2020-16588 MISC MISC
aswf — openexr	A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.	2020-12-09	4.3	CVE-2020-16589 MISC MISC
bookstackapp — bookstack	BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL’s to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade.	2020-12-09	5.5	CVE-2020-26260 MISC MISC CONFIRM
boom-core — risvc-boom	An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a reservation in the case where a load translates successfully but still generates an exception.	2020-12-04	4.3	CVE-2020-29561 MISC
divebook_project — divebook	The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter).	2020-12-08	4.3	CVE-2020-14206 MISC MISC
divebook_project — divebook	The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.	2020-12-08	5	CVE-2020-14205 MISC MISC
divebook_project — divebook	The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter.	2020-12-08	5	CVE-2020-14207 MISC MISC
getkirby — kirby	Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors without Panel access cannot use this attack vector. The problem has been patched in Kirby 2.5.14 and Kirby 3.4.5. Please update to one of these or a later version to fix the vulnerability. Note: Kirby 2 reaches end of life on December 31, 2020. We therefore recommend to upgrade your Kirby 2 sites to Kirby 3. If you cannot upgrade, we still recommend to update to Kirby 2.5.14.	2020-12-08	6.5	CVE-2020-26255 MISC MISC CONFIRM MISC MISC MISC
getkirby — kirby	Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don’t have an admin account for the Panel yet, we block account registration there by default. This is a security feature, which we implemented years ago in Kirby 2. It helps to avoid that you forget registering your first admin account on a public server. In this case – without our security block – someone else might theoretically be able to find your site, find out it’s running on Kirby, find the Panel and then register the account first. It’s an unlikely situation, but it’s still a certain risk. To be able to register the first Panel account on a public server, you have to enforce the installer via a config setting. This helps to push all users to the best practice of registering your first Panel account on your local machine and upload it together with the rest of the site. This installation block implementation in Kirby versions before 3.3.6 still assumed that .dev domains are local domains, which is no longer true. In the meantime, those domains became publicly available. This means that our installation block is no longer working as expected if you use a .dev domain for your Kirby site. Additionally the local installation check may also fail if your site is behind a reverse proxy. You are only affected if you use a .dev domain or your site is behind a reverse proxy and you have not yet registered your first Panel account on the public server and someone finds your site and tries to login at `yourdomain.dev/panel` before you register your first account. You are not affected if you have already created one or multiple Panel accounts (no matter if on a .dev domain or behind a reverse proxy). The problem has been patched in Kirby 3.3.6. Please upgrade to this or a later version to fix the vulnerability.	2020-12-08	4.3	CVE-2020-26253 MISC CONFIRM MISC MISC MISC
gnu — binutils	A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.	2020-12-09	4.3	CVE-2020-16592 MISC MISC
gnu — binutils	A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.	2020-12-09	4.3	CVE-2020-16593 MISC MISC
gnu — binutils	A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in debug_get_real_type, as demonstrated in objdump, that can cause a denial of service via a crafted file.	2020-12-09	4.3	CVE-2020-16598 MISC MISC
gnu — binutils	A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.	2020-12-09	4.3	CVE-2020-16599 MISC MISC
gnu — binutils	A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.34 in the process_symbol_table, as demonstrated in readelf, via a crafted file.	2020-12-09	4.3	CVE-2020-16590 MISC MISC
gnu — binutils	A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.34 due to an invalid read in process_symbol_table, as demonstrated in readeif.	2020-12-09	4.3	CVE-2020-16591 MISC MISC
gnu — glibc	sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a x00x04x00x00x00x00x00x00x00x04 value to sprintf.	2020-12-06	5	CVE-2020-29573 MISC MISC
gnu — glibc	The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.	2020-12-04	5	CVE-2020-29562 MISC
huawei — honor_20_pro_firmware	There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.	2020-12-07	6.8	CVE-2020-9247 MISC
ibm — sterling_b2b_integrator	IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753.	2020-12-10	4	CVE-2019-4738 XF CONFIRM
imagemagick — imagemagick	A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	4.3	CVE-2020-27773 MISC
imagemagick — imagemagick	In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-08	4.3	CVE-2020-25675 MISC
imagemagick — imagemagick	Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.	2020-12-04	4.3	CVE-2020-27770 MISC
imagemagick — imagemagick	In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-08	4.3	CVE-2020-25676 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	4.3	CVE-2020-27767 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	4.3	CVE-2020-27765 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.	2020-12-08	4.3	CVE-2020-27758 MISC
imagemagick — imagemagick	WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.	2020-12-08	4.3	CVE-2020-25674 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.	2020-12-08	4.3	CVE-2020-27750 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-08	4.3	CVE-2020-27751 MISC
imagemagick — imagemagick	There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-08	4.3	CVE-2020-27753 MISC
imagemagick — imagemagick	In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.	2020-12-08	4.3	CVE-2020-27754 MISC
imagemagick — imagemagick	in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-08	4.3	CVE-2020-27755 MISC
imagemagick — imagemagick	In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-08	4.3	CVE-2020-27756 MISC
imagemagick — imagemagick	In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	4.3	CVE-2020-27771 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	4.3	CVE-2020-27772 MISC
imagemagick — imagemagick	TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `”dc:format=”image/dng”` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-08	4.3	CVE-2020-25667 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.	2020-12-04	6.8	CVE-2020-27766 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	4.3	CVE-2020-27776 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	4.3	CVE-2020-27775 MISC
imagemagick — imagemagick	In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.	2020-12-08	5.8	CVE-2020-25664 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	4.3	CVE-2020-27774 MISC
imagemagick — imagemagick	A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.	2020-12-08	4.3	CVE-2020-27757 MISC
imagemagick — imagemagick	A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-08	4.3	CVE-2020-25663 MISC MISC MISC
imagemagick — imagemagick	The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.	2020-12-08	4.3	CVE-2020-25665 MISC
imagemagick — imagemagick	There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-08	4.3	CVE-2020-25666 MISC
imagemagick — imagemagick	A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-08	5.8	CVE-2020-27752 MISC
infolific — ultimate_category_excluder	The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.	2020-12-11	6.8	CVE-2020-35135 MISC MISC
inspur — nf8480m5_firmware	Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the administrator’s rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC.	2020-12-07	6.5	CVE-2020-26122 MISC CONFIRM
intland — codebeamer_application_lifecycle_management	An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks.	2020-12-07	4.3	CVE-2020-26513 MISC MISC
jerryscript — jerryscript	In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file.	2020-12-09	6.4	CVE-2020-29657 MISC
kaspersky — anti-ransomware_tool	The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.	2020-12-04	6.9	CVE-2020-28950 MISC MISC
libpng — pngcheck	A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.	2020-12-08	4.3	CVE-2020-27818 MISC MISC MISC MISC MISC MISC CONFIRM
matrix — synapse	Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference “homeserver” implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. The Matrix Synapse reference implementation before version 1.23.1 the implementation is vulnerable to this injection attack. Issue is fixed in version 1.23.1. As a workaround homeserver administrators could limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`).	2020-12-09	4	CVE-2020-26257 MISC MISC MISC CONFIRM
mcafee — virusscan_enterprise	Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.	2020-12-09	4.6	CVE-2020-7337 CONFIRM
microsoft — 365_apps	, aka ‘Microsoft Outlook Information Disclosure Vulnerability’.	2020-12-10	5	CVE-2020-17119 MISC MISC
microsoft — 365_apps	, aka ‘Microsoft Excel Security Feature Bypass Vulnerability’.	2020-12-10	6	CVE-2020-17130 MISC
microsoft — azure_devops_server	, aka ‘Azure DevOps Server Spoofing Vulnerability’.	2020-12-10	4.9	CVE-2020-17135 MISC
microsoft — azure_sdk_for_java	, aka ‘Azure SDK for Java Security Feature Bypass Vulnerability’.	2020-12-10	6.4	CVE-2020-16971 MISC
microsoft — dynamics_365	, aka ‘Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17158.	2020-12-10	6.5	CVE-2020-17152 MISC
microsoft — dynamics_365	, aka ‘Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17152.	2020-12-10	6.5	CVE-2020-17158 MISC
microsoft — dynamics_nav	, aka ‘Microsoft Dynamics Business Central/NAV Information Disclosure’.	2020-12-10	4	CVE-2020-17133 MISC
microsoft — edge	, aka ‘Microsoft Edge for Android Spoofing Vulnerability’.	2020-12-10	5.8	CVE-2020-17153 MISC
microsoft — exchange_server	, aka ‘Microsoft Exchange Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17144.	2020-12-10	6.5	CVE-2020-17142 MISC
microsoft — exchange_server	, aka ‘Microsoft Exchange Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142.	2020-12-10	6	CVE-2020-17144 MISC
microsoft — exchange_server	, aka ‘Microsoft Exchange Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17117, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.	2020-12-10	6.5	CVE-2020-17132 MISC
microsoft — exchange_server	, aka ‘Microsoft Exchange Information Disclosure Vulnerability’.	2020-12-10	6.5	CVE-2020-17143 MISC
microsoft — exchange_server	, aka ‘Microsoft Exchange Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17142, CVE-2020-17144.	2020-12-10	6	CVE-2020-17141 MISC
microsoft — sharepoint_foundation	, aka ‘Microsoft SharePoint Elevation of Privilege Vulnerability’.	2020-12-10	6	CVE-2020-17089 MISC
microsoft — sharepoint_foundation	, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17118.	2020-12-10	6.5	CVE-2020-17121 MISC
microsoft — sharepoint_foundation	, aka ‘Microsoft SharePoint Spoofing Vulnerability’.	2020-12-10	6	CVE-2020-17115 MISC
microsoft — sharepoint_foundation	, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’.	2020-12-10	4	CVE-2020-17120 MISC
microsoft — team_foundation_server	, aka ‘Azure DevOps Server and Team Foundation Services Spoofing Vulnerability’.	2020-12-10	4.9	CVE-2020-17145 MISC
microsoft — visual_studio_2017	, aka ‘Visual Studio Remote Code Execution Vulnerability’.	2020-12-10	6.8	CVE-2020-17156 MISC
microsoft — visual_studio_code	, aka ‘Visual Studio Code Remote Code Execution Vulnerability’.	2020-12-10	6.8	CVE-2020-17150 MISC
microsoft — visual_studio_code	, aka ‘Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability’.	2020-12-10	6.8	CVE-2020-17159 MISC
microsoft — visual_studio_code	, aka ‘Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability’.	2020-12-10	6.8	CVE-2020-17148 MISC
microsoft — windows_10	, aka ‘Windows Digital Media Receiver Elevation of Privilege Vulnerability’.	2020-12-10	4.6	CVE-2020-17097 MISC
microsoft — windows_10	, aka ‘Windows Lock Screen Security Feature Bypass Vulnerability’.	2020-12-10	4.6	CVE-2020-17099 MISC
microsoft — windows_10	, aka ‘Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-17103, CVE-2020-17136.	2020-12-10	4.6	CVE-2020-17134 MISC
microsoft — windows_10	, aka ‘Windows SMB Information Disclosure Vulnerability’.	2020-12-10	4	CVE-2020-17140 MISC
microsoft — windows_10	, aka ‘DirectX Graphics Kernel Elevation of Privilege Vulnerability’.	2020-12-10	4.6	CVE-2020-17137 MISC
microsoft — windows_10	, aka ‘Windows Overlay Filter Security Feature Bypass Vulnerability’.	2020-12-10	4.6	CVE-2020-17139 MISC
microsoft — windows_10	, aka ‘Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-17103, CVE-2020-17134.	2020-12-10	4.6	CVE-2020-17136 MISC
microsoft — windows_server_2012	, aka ‘Kerberos Security Feature Bypass Vulnerability’.	2020-12-10	4	CVE-2020-16996 MISC
misp — misp	app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.	2020-12-06	4.3	CVE-2020-29572 MISC
mitsubishielectric — gt2107-wtbd_firmware	Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD all versions and GS2107-WTBD all versions), and Tension Controller LE7-40GU-L all versions allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.	2020-12-04	5	CVE-2020-5675 MISC MISC MISC
moodle — moodle	A vulnerability was found in Moodle where users with “Log in as” capability in a course context (typically, course managers) may gain access to some site administration capabilities by “logging in as” a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.	2020-12-08	6.5	CVE-2020-25629 CONFIRM
moodle — moodle	A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.	2020-12-08	5	CVE-2020-25630 CONFIRM
moodle — moodle	A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book’s chapter title, which was not escaped on the “Add new chapter” page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.	2020-12-08	4.3	CVE-2020-25631 CONFIRM
moodle — moodle	The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2.	2020-12-09	4.3	CVE-2020-25627 CONFIRM
moodle — moodle	The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.	2020-12-08	4.3	CVE-2020-25628 MISC CONFIRM
mozilla — firefox	Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. Note: This issue only affected Windows operating systems. Other operating systems are unaffected.. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.	2020-12-09	4.3	CVE-2020-26966 MISC CONFIRM CONFIRM CONFIRM
mozilla — firefox	Some websites have a feature “Show Password” where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.	2020-12-09	4.3	CVE-2020-26965 MISC CONFIRM CONFIRM CONFIRM
mozilla — firefox	OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 83.	2020-12-09	4.3	CVE-2020-26957 MISC CONFIRM
mozilla — firefox	Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83.	2020-12-09	4.3	CVE-2020-26963 MISC CONFIRM
mozilla — firefox	Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.	2020-12-09	4.3	CVE-2020-26962 MISC CONFIRM
mozilla — firefox	When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.	2020-12-09	4.3	CVE-2020-26961 MISC CONFIRM CONFIRM CONFIRM
mozilla — firefox	Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.	2020-12-09	4.3	CVE-2020-26958 MISC CONFIRM CONFIRM CONFIRM
mozilla — firefox	In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.	2020-12-09	4.3	CVE-2020-26956 MISC CONFIRM CONFIRM CONFIRM
mozilla — firefox	When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 83.	2020-12-09	4.3	CVE-2020-26955 MISC CONFIRM
mozilla — firefox	When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 83.	2020-12-09	4.3	CVE-2020-26954 MISC CONFIRM
mozilla — firefox	It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.	2020-12-09	4.3	CVE-2020-26953 MISC CONFIRM CONFIRM CONFIRM
mozilla — firefox	A parsing and event loading mismatch in Firefox’s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.	2020-12-09	4.3	CVE-2020-26951 MISC CONFIRM CONFIRM CONFIRM
mozilla — firefox	During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.	2020-12-09	6.8	CVE-2020-26959 MISC CONFIRM CONFIRM CONFIRM
mozilla — firefox	When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83.	2020-12-09	4.3	CVE-2020-26967 MISC CONFIRM
mozilla — firefox	If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 83.	2020-12-09	4	CVE-2020-26964 MISC CONFIRM
omniauth-apple_project — omniauth-apple	omniauth-apple is the OmniAuth strategy for “Sign In with Apple” (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth’s Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker’s choice including email addresses of other users. Applications not using info.email for identification but are instead using the uid field are not impacted in the same manner. Note, these applications may still be negatively affected if the value of info.email is being used for other purposes. Applications using affected versions of omniauth-apple are advised to upgrade to omniauth-apple version 1.0.1 or later.	2020-12-08	5	CVE-2020-26254 MISC MISC CONFIRM
online_examination_system_project — online_examination_system	Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php.	2020-12-09	4.3	CVE-2020-29258 MISC
online_examination_system_project — online_examination_system	Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php.	2020-12-09	4.3	CVE-2020-29257 MISC
online_examination_system_project — online_examination_system	Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php.	2020-12-09	4.3	CVE-2020-29259 MISC
openldap — openldap	A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.	2020-12-08	5	CVE-2020-25692 CONFIRM
openssl — openssl	The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL’s s_server, s_client and verify tools have support for the “-crl_download” option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL’s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).	2020-12-08	5	CVE-2020-1971 CONFIRM CONFIRM FREEBSD DEBIAN CONFIRM
openstack — horizon	An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the “next” parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.	2020-12-04	5.8	CVE-2020-29565 MLIST MISC MISC MISC CONFIRM
os4ed — opensis	OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.	2020-12-04	4.3	CVE-2020-27409 MISC MISC MISC
os4ed — opensis	OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.	2020-12-04	5	CVE-2020-27408 MISC MISC
plummac — ik-401_firmware	An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single unauthenticated GET request.	2020-12-08	5	CVE-2020-28946 MISC MISC
processmaker — processmaker	SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.	2020-12-10	6.5	CVE-2020-13526 MISC
pytest — py	A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.	2020-12-09	5	CVE-2020-29651 MISC MISC MISC
qnap — multimedia_console	This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later.	2020-12-10	4.3	CVE-2020-2493 CONFIRM
qnap — music_station	This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later	2020-12-10	4.3	CVE-2020-2494 CONFIRM
qnap — photo_station	This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later	2020-12-10	4.3	CVE-2020-2491 CONFIRM
qnap — quts_hero	If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later	2020-12-10	4.3	CVE-2020-2496 CONFIRM
qnap — quts_hero	If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later	2020-12-10	4.3	CVE-2020-2497 CONFIRM
qnap — quts_hero	If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later	2020-12-10	4.3	CVE-2020-2498 CONFIRM
qnap — quts_hero	If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later	2020-12-10	4.3	CVE-2020-2495 CONFIRM
react-adal_project — react-adal	This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL can cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is caused by how the nonce, session and refresh values are stored in the browser local storage or session storage. Each key is automatically appended by \|\|. When the received nonce and session keys are generated, the list of values is stored in the browser storage, separated by \|\|, with \|\| always appended to the end of the list. Since \|\| will always be the last 2 characters of the stored values, an empty string (“”) will always be in the list of the valid values. Therefore, if an empty session parameter is provided in the callback URL, and a specially-crafted JWT token contains an nonce value of “” (empty string), then adal.js will consider the JWT token as authentic.	2020-12-09	5	CVE-2020-7787 MISC MISC
sap — businessobjects_business_intelligence_platform	SAP BusinessObjects BI Platform (Crystal Report), versions – 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).	2020-12-09	5.5	CVE-2020-26831 MISC MISC
sap — disclosure_management	SAP Disclosure Management, version – 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload (script) on target machine could be used to steal and modify the data available in the spreadsheet	2020-12-09	5.5	CVE-2020-26828 MISC MISC
sap — hana_database	SAP HANA Database, version – 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.	2020-12-09	5.5	CVE-2020-26834 MISC MISC
sap — netweaver_as_abap	SAP NetWeaver AS ABAP, versions – 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.	2020-12-09	4.3	CVE-2020-26835 MISC MISC
sap — solution_manager	SAP Solution Manager 7.2 (User Experience Monitoring), version – 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable.	2020-12-09	6.5	CVE-2020-26837 MISC MISC
sap — solution_manager	SAP Solution Manager 7.2 (User Experience Monitoring), version – 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to Change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, Deploy a malicious User Experience Monitoring script.	2020-12-09	5.5	CVE-2020-26830 MISC MISC
sap — solution_manager	SAP Solution Manager (Trace Analysis), version – 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.	2020-12-09	5.8	CVE-2020-26836 MISC MISC
seeddms — seeddms	Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php.	2020-12-07	4.3	CVE-2020-28727 MISC CONFIRM MISC
snapcraft_project — snapcraft	In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.	2020-12-04	4.4	CVE-2020-27348 MISC MISC MISC
systransoft — pure_neural_server	API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount of translation requests to a destination host on any given TCP port regardless of whether a web service is running on the destination port.	2020-12-08	5	CVE-2020-29540 MISC MISC
txjia — imcat	imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.	2020-12-09	6.5	CVE-2020-23520 MISC
zx2c4 — password-store	pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members’ machines, and also controls one of the services already in the password store, they can rename one of the password files in the Git repository to something else: pass doesn’t correctly verify that the content of a file matches the filename, so a user might be tricked into decrypting the wrong password and sending that to a service that the attacker controls. NOTE: for environments in which this threat model is of concern, signing commits can be a solution.	2020-12-09	5	CVE-2020-28086 MISC

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — lightroom	Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2020-12-11	3.7	CVE-2020-24447 CONFIRM
adobe — prelude	Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2020-12-11	3.7	CVE-2020-24440 CONFIRM
apache — groovy	Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy’s implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.	2020-12-07	2.1	CVE-2020-17521 CONFIRM MLIST
apereo — opencast	Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast’s HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. This problem is fixed in Opencast 7.9 and Opencast 8.8 Please be aware that fixing the problem means that Opencast will not simply accept any self-signed certificates any longer without properly importing them. If you need those, please make sure to import them into the Java key store. Better yet, get a valid certificate.	2020-12-08	2.1	CVE-2020-26234 MISC CONFIRM
apple — icloud	A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files.	2020-12-08	2.1	CVE-2020-10002 MISC MISC MISC MISC MISC MISC
apple — ipad_os	The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.	2020-12-08	2.1	CVE-2020-9989 MISC MISC MISC
apple — ipad_os	The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.	2020-12-08	2.1	CVE-2020-9988 MISC MISC
apple — ipad_os	An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information.	2020-12-08	1.9	CVE-2020-9969 MISC MISC MISC MISC
apple — ipados	An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication.	2020-12-08	2.1	CVE-2020-27902 MISC
apple — ipados	An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously without indication they have answered a second call.	2020-12-08	1.9	CVE-2020-27925 MISC
apple — mac_os_x	A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.	2020-12-08	2.1	CVE-2020-10007 MISC
arachnys — cabot	Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column.	2020-12-04	3.5	CVE-2020-25449 MISC MISC MISC MISC
c2fo — fast-csv	Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using ignoreEmpty option when parsing. This has been patched in `v4.3.6` You will only be affected by this if you use the `ignoreEmpty` parsing option. If you do use this option it is recommended that you upgrade to the latest version `v4.3.6` This vulnerability was found using a CodeQL query which identified `EMPTY_ROW_REGEXP` regular expression as vulnerable.	2020-12-08	3.5	CVE-2020-26256 MISC MISC CONFIRM MISC MISC MISC
canonical — ubuntu_linux	Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.	2020-12-09	2.1	CVE-2020-27349 MISC MISC
canonical — ubuntu_linux	An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.	2020-12-04	2.1	CVE-2020-16123 UBUNTU UBUNTU
canonical — ubuntu_linux	The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.	2020-12-09	2.1	CVE-2020-16128 MISC MISC
ceph — ceph-ansible	Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecure default permissions, allowing any user to read the sensitive information within.	2020-12-08	2.1	CVE-2020-25677 CONFIRM CONFIRM
cogboard — red-dashboard	Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserver front-end code. By abusing this exploit, it’s possible to perform destructive actions and/or access sensitive information. This high severity exploit has been fixed on version 0.1.7a. There are no workarounds, bot owners must upgrade their relevant packages (Dashboard module and Dashboard webserver) in order to patch this issue.	2020-12-09	3.5	CVE-2020-26249 MISC MISC CONFIRM MISC
gitlab — gitlab	A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project	2020-12-10	3.5	CVE-2020-26407 CONFIRM MISC MISC
igniterealtime — openfire	Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.	2020-12-11	3.5	CVE-2020-35127 MISC
jupyterhub — systemdspawner	jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15	2020-12-09	3.3	CVE-2020-26261 MISC MISC CONFIRM MISC
kubernetes — kubernetes	In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.	2020-12-07	2.1	CVE-2020-8565 CONFIRM MLIST
kubernetes — kubernetes	In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.	2020-12-07	2.1	CVE-2020-8564 CONFIRM MLIST
kubernetes — kubernetes	In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager’s log. This affects < v1.19.3.	2020-12-07	2.1	CVE-2020-8563 CONFIRM MLIST
kubernetes — kubernetes	In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager’s logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.	2020-12-07	2.1	CVE-2020-8566 CONFIRM MLIST
microsoft — 365_apps	, aka ‘Microsoft Excel Information Disclosure Vulnerability’.	2020-12-10	2.1	CVE-2020-17126 MISC
microsoft — dynamics_365	, aka ‘Dynamics CRM Webclient Cross-site Scripting Vulnerability’.	2020-12-10	3.5	CVE-2020-17147 MISC
microsoft — git_credential_manager_core	Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project’s GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the –recurse-submodules option.	2020-12-08	3.6	CVE-2020-26233 MISC MISC CONFIRM MISC
microsoft — teams	The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around October 2020.	2020-12-09	3.5	CVE-2020-10146 MISC
microsoft — windows_10	, aka ‘Windows Error Reporting Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-17138.	2020-12-10	2.1	CVE-2020-17094 MISC
microsoft — windows_10	, aka ‘Windows Error Reporting Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-17094.	2020-12-10	2.1	CVE-2020-17138 MISC
microsoft — windows_10	, aka ‘Windows GDI+ Information Disclosure Vulnerability’.	2020-12-10	2.1	CVE-2020-17098 MISC
nlnetlabs — name_server_daemon	NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.	2020-12-07	2.1	CVE-2020-28935 CONFIRM CONFIRM
paloaltonetworks — cortex_xdr_agent	An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software’s internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2.	2020-12-09	2.1	CVE-2020-2020 CONFIRM
phpldapadmin_project — phpldapadmin	An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.	2020-12-11	3.5	CVE-2020-35132 MISC MISC MISC MISC
qemu — qemu	A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.	2020-12-08	2.1	CVE-2020-27821 MISC
sap — netweaver_application_server_java	SAP AS JAVA (Key Storage Service), versions – 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access to the SAP NetWeaver AS Java to decode the keys because of missing encryption and get some application data and client credentials of adjacent systems. This highly impacts Confidentiality as information disclosed could contain client credentials of adjacent systems.	2020-12-09	2.7	CVE-2020-26816 MISC MISC
student_management_system_project_in_php_project — student_management_system_project_in_php	SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the ‘add subject’ tab.	2020-12-08	3.5	CVE-2020-25955 MISC FULLDISC MISC MISC
systransoft — pure_neural_server	A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 allows a threat actor to have a remote authenticated user run JavaScript from a malicious site.	2020-12-08	3.5	CVE-2020-29539 MISC MISC

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — adobe_experience_manager	AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.	2020-12-10	not yet calculated	CVE-2020-24444 CONFIRM
adobe — adobe_experience_manager	AEM’s Cloud Service offering, as well as versions 6.5.6.0 (and below), 6.4.8.2 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.	2020-12-10	not yet calculated	CVE-2020-24445 CONFIRM
apache — airflow	The “origin” parameter passed to some of the endpoints like ‘/trigger’ was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.	2020-12-11	not yet calculated	CVE-2020-17515 MLIST MLIST MLIST MLIST MISC MLIST
apache — nuttx	Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.	2020-12-09	not yet calculated	CVE-2020-17528 MLIST MISC MLIST
apache — nuttx	Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.	2020-12-09	not yet calculated	CVE-2020-17529 MLIST MISC MLIST
apache — struts	Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 – Struts 2.5.25.	2020-12-11	not yet calculated	CVE-2020-17530 JVN CONFIRM
apt — apt	APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;	2020-12-10	not yet calculated	CVE-2020-27350 CONFIRM UBUNTU DEBIAN
apt-python — apt-python	Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;	2020-12-10	not yet calculated	CVE-2020-27351 CONFIRM UBUNTU DEBIAN
artifex_software — mupdf_library	A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander – a static – to point to previously freed memory instead of a newband_writer.	2020-12-09	not yet calculated	CVE-2020-16600 MISC MISC
aruba_networks — multiple_products	An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.	2020-12-11	not yet calculated	CVE-2020-24634 CONFIRM
aruba_networks — multiple_products	There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.	2020-12-11	not yet calculated	CVE-2020-24633 CONFIRM
aruba_networks — multiple_products	Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.	2020-12-11	not yet calculated	CVE-2020-24637 CONFIRM
askey — ap5100w_d171_devices	Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.	2020-12-10	not yet calculated	CVE-2020-26201 MISC CONFIRM
askey — ap5100w_d171_devices	Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi=Fi network.	2020-12-11	not yet calculated	CVE-2020-15023 CONFIRM MISC
askey — ap5100w_d171_devices	Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.	2020-12-11	not yet calculated	CVE-2020-15357 MISC MISC
awstats — awstats	In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.	2020-12-12	not yet calculated	CVE-2020-35176 MISC
broadcom — symantec_messaging_gateway	A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.	2020-12-10	not yet calculated	CVE-2020-12594 CONFIRM
broadcom — symantec_messaging_gateway	An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.	2020-12-10	not yet calculated	CVE-2020-12595 CONFIRM
brocade — fabric_os	Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with “user” privileges if it is not associated with any groups.	2020-12-11	not yet calculated	CVE-2020-15376 CONFIRM
brocade — fabric_os	Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.	2020-12-11	not yet calculated	CVE-2020-15375 CONFIRM
contiki — contiki	An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.	2020-12-11	not yet calculated	CVE-2020-13988 MISC MISC
contiki — contiki	An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.	2020-12-11	not yet calculated	CVE-2020-13987 MISC MISC
contiki — contiki	An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.	2020-12-11	not yet calculated	CVE-2020-17437 MISC MISC
contiki — contiki	An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.	2020-12-11	not yet calculated	CVE-2020-13986 MISC MISC
contiki — contiki	An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.	2020-12-11	not yet calculated	CVE-2020-13985 MISC MISC
contiki — contiki	An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.	2020-12-11	not yet calculated	CVE-2020-13984 MISC MISC
contiki — contiki	An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.	2020-12-11	not yet calculated	CVE-2020-25111 MISC MISC
contiki — contiki	An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.	2020-12-11	not yet calculated	CVE-2020-25112 MISC MISC
contiki — contiki_and_contiki-ng	An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn’t verify whether the address in the answer’s length is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. This bug can be exploited whenever NAT64 is enabled.	2020-12-11	not yet calculated	CVE-2020-24336 MISC MISC
corenlp-js-interface — corenlp-js-interface	All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function.	2020-12-11	not yet calculated	CVE-2020-28440 CONFIRM
corenlp-js-prefab — corenlp-js-prefab	This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in ‘index.js.’ It depends on a vulnerable package ‘corenlp-js-interface.’ Vulnerability can be exploited with the following PoC:	2020-12-11	not yet calculated	CVE-2020-28439 CONFIRM
dupscout — dupscout_enterprise	A buffer overflow in the web server of Flexense DupScout Enterprise 10.0.18 allows a remote anonymous attacker to execute code as SYSTEM by overflowing the sid parameter via a GET /settings&sid= attack.	2020-12-09	not yet calculated	CVE-2020-29659 MISC MISC
eip_stack_group — opener	An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.	2020-12-11	not yet calculated	CVE-2020-13556 CONFIRM
eip_stack_group — opener	A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.	2020-12-11	not yet calculated	CVE-2020-13530 CONFIRM
f5 — big-ip	On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.	2020-12-11	not yet calculated	CVE-2020-5950 CONFIRM
f5 — big-ip	On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.	2020-12-11	not yet calculated	CVE-2020-5949 CONFIRM
f5 — big-ip	On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.	2020-12-11	not yet calculated	CVE-2020-5948 CONFIRM
f5 — big-ip_afm	In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory.	2020-12-11	not yet calculated	CVE-2020-27713 CONFIRM
fastadmin — fastadmin	The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.	2020-12-10	not yet calculated	CVE-2020-25967 MISC
fnet — fnet	An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn’t check for ” termination. Therefore, the deduced length of the hostname doesn’t reflect the correct length of the actual data. This may lead to Information Disclosure in _fnet_llmnr_poll in fnet_llmnr.c during a response to a malicious request of the DNS class IN.	2020-12-11	not yet calculated	CVE-2020-17467 CONFIRM MISC MISC
fnet — fnet	An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.	2020-12-11	not yet calculated	CVE-2020-17470 CONFIRM MISC MISC
fnet — fnet	An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn’t check for proper ” termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service.	2020-12-11	not yet calculated	CVE-2020-24383 MISC MISC
fnet — fnet	An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn’t have a reference to the previous one (which supposedly resides in the reassembly list). When faced with an incoming fragment that belongs to a non-empty fragment list, IPv6 reassembly must check that there are no empty holes between the fragments: this leads to an uninitialized pointer dereference in _fnet_ip6_reassembly in fnet_ip6.c, and causes Denial-of-Service.	2020-12-11	not yet calculated	CVE-2020-17469 CONFIRM MISC MISC
fnet — fnet	An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn’t check for a valid length of an extension header, and therefore an out-of-bounds read can occur in _fnet_ip6_ext_header_handler_options in fnet_ip6.c, leading to Denial-of-Service.	2020-12-11	not yet calculated	CVE-2020-17468 CONFIRM MISC MISC
frappe — framework	Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.	2020-12-11	not yet calculated	CVE-2020-35175 MISC MISC
frappe — frappe	In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.	2020-12-11	not yet calculated	CVE-2020-27508 MISC MISC
gerrit — gerrit	An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users’ personal information associated with their accounts.	2020-12-10	not yet calculated	CVE-2020-8920 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
gerrit — gerrit	An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user’s personal account data as well as sub-trees with restricted access.	2020-12-10	not yet calculated	CVE-2020-8919 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
geth — geth	Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.	2020-12-11	not yet calculated	CVE-2020-26264 MISC MISC MISC CONFIRM
geth — geth	Go Ethereum, or “Geth”, is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made — all users are recommended to upgrade to a newer version.	2020-12-11	not yet calculated	CVE-2020-26265 MISC CONFIRM
gitlab — gitlab	A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.	2020-12-11	not yet calculated	CVE-2020-26411 CONFIRM MISC
gitlab — gitlab	Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.	2020-12-11	not yet calculated	CVE-2020-26415 CONFIRM MISC
gitlab — gitlab_community_and_enterprise_editions	An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.	2020-12-11	not yet calculated	CVE-2020-13357 CONFIRM MISC MISC
gitlab — gitlab_community_and_enterprise_editions	An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.	2020-12-11	not yet calculated	CVE-2020-26413 CONFIRM MISC MISC
gitlab — gitlab_community_and_enterprise_editions	A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.	2020-12-11	not yet calculated	CVE-2020-26409 CONFIRM MISC MISC
gitlab — gitlab_community_and_enterprise_editions	A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user’s private profile	2020-12-11	not yet calculated	CVE-2020-26408 CONFIRM MISC MISC
gitlab — gitlab_community_and_enterprise_editions	Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7.	2020-12-11	not yet calculated	CVE-2020-26417 CONFIRM MISC
gitlab — gitlab_enterprise_edition	Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.	2020-12-11	not yet calculated	CVE-2020-26412 CONFIRM MISC
gitlab — gitlab_enterprise_edition	Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.	2020-12-11	not yet calculated	CVE-2020-26416 CONFIRM MISC
guava — guava	A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.	2020-12-10	not yet calculated	CVE-2020-8908 CONFIRM CONFIRM MISC
i18n — i18n	This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.	2020-12-11	not yet calculated	CVE-2020-7791 MISC MISC MISC
ibm — resilient_soar	IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation.	2020-12-11	not yet calculated	CVE-2020-4633 XF CONFIRM
ignite_realtime — openfire	Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.	2020-12-12	not yet calculated	CVE-2020-35199 MISC
ignite_realtime — openfire	Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.	2020-12-12	not yet calculated	CVE-2020-35201 MISC
ignite_realtime — openfire	Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.	2020-12-12	not yet calculated	CVE-2020-35202 MISC
ignite_realtime — openfire	Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.	2020-12-12	not yet calculated	CVE-2020-35200 MISC
ini — ini	This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.	2020-12-11	not yet calculated	CVE-2020-7788 MISC MISC
jasper — jpc_encoder	There’s a flaw in jasper’s jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.	2020-12-11	not yet calculated	CVE-2020-27828 MISC MISC
kapacitor — kapacitor	Versions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.	2020-12-11	not yet calculated	CVE-2020-29589 MISC MISC MISC MISC MISC
lan_atmservice_m3_atm_monitoring_system	In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.	2020-12-10	not yet calculated	CVE-2020-29667 MISC MISC
lan_atmservice_m3_atm_monitoring_system	In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user’s cookie values and the predefined developer’s cookie value.	2020-12-10	not yet calculated	CVE-2020-29666 MISC MISC
linux — linux_kernel	A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running in parallel on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.	2020-12-11	not yet calculated	CVE-2020-27825 MISC
linux — linux_kernel	A flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.	2020-12-11	not yet calculated	CVE-2020-27786 MISC MISC
macrium_reflect — macrium_reflect	Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:openssl. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.	2020-12-09	not yet calculated	CVE-2020-10143 MISC
mcafee — database_security_server_and_sensor	Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.	2020-12-10	not yet calculated	CVE-2020-7339 MISC
micro_focus — filr	Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.	2020-12-11	not yet calculated	CVE-2020-25838 CONFIRM
microsoft — edge_(edgehtml-based)_and_chakracore	, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’.	2020-12-10	not yet calculated	CVE-2020-17131 MISC
mout — mout	This affects all versions of package mout. The deepFillIn function can be used to ‘fill missing properties recursively’, while the deepMixIn ‘mixes objects into the target object, recursively mixing existing child objects as well’. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution.	2020-12-11	not yet calculated	CVE-2020-7792 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
mquery — mquery	lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation.	2020-12-11	not yet calculated	CVE-2020-35149 MISC
national_instruments_corp — compactrio	Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely.	2020-12-11	not yet calculated	CVE-2020-25191 MISC
netflix — spinnaker	Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests.	2020-12-11	not yet calculated	CVE-2020-9301 CONFIRM
nginx — controller_agent	In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.	2020-12-11	not yet calculated	CVE-2020-27730 CONFIRM
node-notifier — node-notifier	This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.	2020-12-11	not yet calculated	CVE-2020-7789 MISC MISC MISC
nut — nut	An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has ” termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.	2020-12-11	not yet calculated	CVE-2020-25107 MISC MISC
nut — nut	An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked (it can be set to an arbitrary value from a packet). This may lead to successful Denial-of-Service, and possibly Remote Code Execution.	2020-12-11	not yet calculated	CVE-2020-25108 MISC MISC
nut — nut	An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.	2020-12-11	not yet calculated	CVE-2020-25110 MISC MISC
nut — nut	An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses (set in a DNS header) is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.	2020-12-11	not yet calculated	CVE-2020-25109 MISC MISC
opencart — opencart_cms	Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.	2020-12-11	not yet calculated	CVE-2020-28838 MISC MISC
palo_alto_networks — cortex_xdr_agent	A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions.	2020-12-09	not yet calculated	CVE-2020-2049 CONFIRM
phpoffice — phpspreadsheet	This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of link and this is returned as HTML. A fix for this issue is available on commit 0ed5b800be2136bcb8fa9c1bdf59abc957a98845/master branch.	2020-12-09	not yet calculated	CVE-2020-7776 MISC MISC MISC
phpshe — phpshe	PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.	2020-12-11	not yet calculated	CVE-2020-19165 MISC
picotcp — picotcp	An issue was discovered in picoTCP 1.7.0. The code for creating an ICMPv6 echo replies doesn’t check whether the ICMPv6 echo request packet’s size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6 echo replies has an integer wrap around, leading to memory corruption and, eventually, Denial-of-Service in pico_icmp6_send_echoreply_not_frag in pico_icmp6.c.	2020-12-11	not yet calculated	CVE-2020-17443 MISC MISC
picotcp — picotcp	An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).	2020-12-11	not yet calculated	CVE-2020-17441 MISC MISC
picotcp — picotcp	An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 destination options does not check for a valid length of the destination options header. This results in an Out-of-Bounds Read, and, depending on the memory protection mechanism, this may result in Denial-of-Service in pico_ipv6_process_destopt() in pico_ipv6.c.	2020-12-11	not yet calculated	CVE-2020-17445 MISC MISC
picotcp — picotcp	An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field (and deducing whether the IPv6 extension headers are valid) doesn’t check whether the header extension length field would overflow. Therefore, if it wraps around to zero, iterating through the extension headers will not increment the current data pointer. This leads to an infinite loop and Denial-of-Service in pico_ipv6_check_headers_sequence() in pico_ipv6.c.	2020-12-11	not yet calculated	CVE-2020-17444 MISC MISC
picotcp — picotcp	An issue was discovered in picoTCP 1.7.0. The code for parsing the hop-by-hop IPv6 extension headers does not validate the bounds of the extension header length value, which may result in Integer Wraparound. Therefore, a crafted extension header length value may cause Denial-of-Service because it affects the loop in which the extension headers are parsed in pico_ipv6_process_hopbyhop() in pico_ipv6.c.	2020-12-11	not yet calculated	CVE-2020-17442 MISC MISC
picotcp — picotcp_and_picotcp-ng	An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c.	2020-12-11	not yet calculated	CVE-2020-24337 MISC MISC
picotcp — picotcp_and_picotcp-ng	An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service.	2020-12-11	not yet calculated	CVE-2020-24339 MISC MISC
picotcp — picotcp_and_picotcp-ng	An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service.	2020-12-11	not yet calculated	CVE-2020-24340 MISC MISC
picotcp — picotcp_and_picotcp-ng	An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writes that lead to Denial-of-Service and Remote Code Execution.	2020-12-11	not yet calculated	CVE-2020-24338 MISC MISC
picotcp — picotcp_and_picotcp-ng	An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak.	2020-12-11	not yet calculated	CVE-2020-24341 MISC MISC
pixar — openusd	An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.	2020-12-11	not yet calculated	CVE-2020-13520 MISC
qnap — qts_and _quts_hero	This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later	2020-12-10	not yet calculated	CVE-2019-7198 CONFIRM
registry — registry	Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.	2020-12-11	not yet calculated	CVE-2020-29591 MISC MISC MISC MISC MISC
sap — netweaver_as_java	Process Integration Monitoring of SAP NetWeaver AS JAVA, versions – 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.	2020-12-09	not yet calculated	CVE-2020-26826 MISC MISC
schneider_electric — easergy_t300_devices	A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.	2020-12-11	not yet calculated	CVE-2020-28216 MISC CONFIRM
schneider_electric — easergy_t300_devices	A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently.	2020-12-11	not yet calculated	CVE-2020-28215 MISC CONFIRM
schneider_electric — easergy_t300_devices	A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.	2020-12-11	not yet calculated	CVE-2020-28218 MISC CONFIRM
schneider_electric — easergy_t300_devices	A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.	2020-12-11	not yet calculated	CVE-2020-28217 MISC CONFIRM
schneider_electric — ecostruxure_control_expert_and_unity_pro	A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.	2020-12-11	not yet calculated	CVE-2020-7560 CONFIRM
schneider_electric — ecostruxure_geo_scada_expert_2019	A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX.	2020-12-11	not yet calculated	CVE-2020-28219 CONFIRM
schneider_electric — modicon_m221_devices	A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.	2020-12-11	not yet calculated	CVE-2020-28214 MISC CONFIRM
schneider_electric — modicon_m258_devices	A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.	2020-12-11	not yet calculated	CVE-2020-28220 CONFIRM
schneider_electric — modicon_m340_devices	A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.	2020-12-11	not yet calculated	CVE-2020-7536 CONFIRM
schneider_electric — modicon_m340_devices	A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’ Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.	2020-12-11	not yet calculated	CVE-2020-7535 CONFIRM
schneider_electric — multiple_devices	A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.	2020-12-11	not yet calculated	CVE-2020-7537 CONFIRM
schneider_electric — multiple_devices	A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.	2020-12-11	not yet calculated	CVE-2020-7549 CONFIRM
schneider_electric — multiple_devices	A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.	2020-12-11	not yet calculated	CVE-2020-7543 CONFIRM
schneider_electric — multiple_devices	A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.	2020-12-11	not yet calculated	CVE-2020-7542 CONFIRM
schneider_electric — multiple_devices	A CWE-425: Direct Request (‘Forced Browsing’) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.	2020-12-11	not yet calculated	CVE-2020-7541 CONFIRM
schneider_electric — multiple_devices	A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.	2020-12-11	not yet calculated	CVE-2020-7540 CONFIRM
schneider_electric — multiple_devices	A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.	2020-12-11	not yet calculated	CVE-2020-7539 CONFIRM
silver_peak — ecos	A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all current ECOS versions: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.	2020-12-11	not yet calculated	CVE-2020-12148 MISC
silver_peak — ecos	The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects ll current ECOS versions: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.	2020-12-11	not yet calculated	CVE-2020-12149 MISC
smartystreets — smartystreets	A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country).	2020-12-11	not yet calculated	CVE-2020-29455 MISC MISC MISC
sophos — cyberoam_os	An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.	2020-12-11	not yet calculated	CVE-2020-29574 MISC MISC
spatie — browsershot	This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.	2020-12-11	not yet calculated	CVE-2020-7790 MISC MISC
sympa — sympa	Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.	2020-12-10	not yet calculated	CVE-2020-29668 MISC MISC MISC MISC
teamspeak — teamspeak	Versions of the Official teamspeak Docker images through 3.6.0 contain a blank password for the root user. Systems deployed using affected versions of the teamspeak container may allow a remote attacker to achieve root access with a blank password.	2020-12-11	not yet calculated	CVE-2020-29590 MISC MISC MISC MISC
tensorflow — tensorflow	In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.	2020-12-10	not yet calculated	CVE-2020-26268 MISC CONFIRM
tensorflow — tensorflow	In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.	2020-12-10	not yet calculated	CVE-2020-26266 MISC CONFIRM
tensorflow — tensorflow	In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.	2020-12-10	not yet calculated	CVE-2020-26267 MISC CONFIRM
tensorflow — tensorflow	In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel implementation of GetMatchingPaths but are not verified by the PRs introducing it (#40861 and #44310). Thus, we are completely rewriting the implementation to fully specify and validate these. This is patched in version 2.4.0. This issue only impacts master branch and the release candidates for TF version 2.4. The final release of the 2.4 release will be patched.	2020-12-10	not yet calculated	CVE-2020-26269 MISC CONFIRM
tensorflow — tensorflow	In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.	2020-12-10	not yet calculated	CVE-2020-26271 MISC CONFIRM
tensorflow — tensorflow	In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.	2020-12-10	not yet calculated	CVE-2020-26270 MISC CONFIRM
tikiwiki — tikiwiki	TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited.	2020-12-11	not yet calculated	CVE-2020-29254 MISC MISC MISC
totolink — a3002ru_routers	TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system’s ‘Run Command’. An attacker can use this functionality to execute arbitrary OS commands on the router.	2020-12-09	not yet calculated	CVE-2020-25499 MISC CONFIRM
ua-parser-js — ua-parser-js	The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).	2020-12-11	not yet calculated	CVE-2020-7793 MISC MISC MISC MISC
uip — uip	The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c.	2020-12-11	not yet calculated	CVE-2020-24334 MISC MISC
uip — uip	An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.	2020-12-11	not yet calculated	CVE-2020-17438 MISC MISC
uip — uip	An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing DNS query with a transaction ID that matches the transaction ID of an incoming reply. Provided that the default DNS cache is quite small (only four records) and that the transaction ID has a very limited set of values that is quite easy to guess, this can lead to DNS cache poisoning.	2020-12-11	not yet calculated	CVE-2020-17439 MISC MISC
uip — uip	An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have ” termination. This results in errors when calculating the offset of the pointer that jumps over domain name bytes in DNS response packets when a name lacks this termination, and eventually leads to dereferencing the pointer at an invalid/arbitrary address, within newdata() and parse_name() in resolv.c.	2020-12-11	not yet calculated	CVE-2020-17440 MISC MISC
wago — 750-88x_and_750-352_plc_devices	Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.	2020-12-10	not yet calculated	CVE-2020-12516 CONFIRM
wecon — levistudiou	A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.	2020-12-09	not yet calculated	CVE-2020-25199 MISC
western_digital — dashboard	Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.	2020-12-12	not yet calculated	CVE-2020-29654 CONFIRM
western_digital — my_cloud_os	An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.	2020-12-12	not yet calculated	CVE-2020-29563 CONFIRM
wireshark — wireshark	Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.	2020-12-11	not yet calculated	CVE-2020-26420 CONFIRM MISC MISC
wireshark — wireshark	Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.	2020-12-11	not yet calculated	CVE-2020-26421 CONFIRM MISC MISC
wireshark — wireshark	Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.	2020-12-11	not yet calculated	CVE-2020-26419 CONFIRM MISC MISC
wireshark — wireshark	Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.	2020-12-11	not yet calculated	CVE-2020-26418 CONFIRM MISC MISC

This product is provided subject to this Notification and this Privacy & Use policy.

Securing Your Data

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

Leave a Reply Cancel Reply

RebootTwice LLC

Helping Your Business Securely Build Success