Original release date: September 21, 2020
High Vulnerabilities
Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info
apache — struts
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
2020-09-14
7.5
CVE-2019-0230
MISC
dlink — covr-2600r_firmware
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
2020-09-14
10
CVE-2018-20432
MISC
MISC
google — android
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020).
2020-09-11
7.5
CVE-2020-25283
MISC
google — android
An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020).
2020-09-11
7.5
CVE-2020-25282
MISC
hyland — onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization.
2020-09-11
7.5
CVE-2020-25260
MISC
hyland — onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses XML deserialization libraries in an unsafe manner.
2020-09-11
7.5
CVE-2020-25259
MISC
hyland — onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages.
2020-09-11
7.5
CVE-2020-25258
MISC
hyland — onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer.
2020-09-11
7.5
CVE-2020-25254
MISC
hyland — onbase
An issue was discovered in Hyland OnBase through 18.0.0.32. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter.
2020-09-11
7.5
CVE-2020-25253
MISC
ibm — maximo_asset_management
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.
2020-09-15
9
CVE-2020-4521
XF
CONFIRM
jenkins — selection_tasks
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.
2020-09-16
9
CVE-2020-2276
MLIST
CONFIRM
lemonldap-ng — lemonldap
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the “Lemonldap::NG handler for Node.js” package.
2020-09-14
7.5
CVE-2020-24660
CONFIRM
CONFIRM
MISC
DEBIAN
mcafee — web_gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system’s root password via improper access controls in the user interface.
2020-09-15
7.7
CVE-2020-7293
MISC
mi — r3600_firmware
In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.
2020-09-11
10
CVE-2020-14100
MISC
mi — xiaomi_ai_speaker_firmware
Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process.
2020-09-11
7.5
CVE-2020-14096
MISC
microsoft — chakracore
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1057, CVE-2020-1172.
2020-09-11
7.6
CVE-2020-1180
N/A
microsoft — chakracore
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1057, CVE-2020-1180.
2020-09-11
7.6
CVE-2020-1172
N/A
microsoft — edge
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1172, CVE-2020-1180.
2020-09-11
9.3
CVE-2020-1057
N/A
microsoft — exchange_server
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka ‘Microsoft Exchange Server Remote Code Execution Vulnerability’.
2020-09-11
9
CVE-2020-16875
MISC
N/A
microsoft — visual_studio
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka ‘Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16856.
2020-09-11
9.3
CVE-2020-16874
N/A
microsoft — visual_studio
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka ‘Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16874.
2020-09-11
9.3
CVE-2020-16856
N/A
microsoft — visual_studio_code
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious ‘package.json’ file, aka ‘Visual Studio JSON Remote Code Execution Vulnerability’.
2020-09-11
9.3
CVE-2020-16881
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory, aka ‘Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability’.
2020-09-11
7.2
CVE-2020-0782
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka ‘Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability’.
2020-09-11
7.2
CVE-2020-1590
N/A
microsoft — windows_10
A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory, aka ‘Windows Text Service Module Remote Code Execution Vulnerability’.
2020-09-11
7.6
CVE-2020-0908
N/A
microsoft — windows_10
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka ‘Windows Media Audio Decoder Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1593.
2020-09-11
9.3
CVE-2020-1508
N/A
microsoft — windows_10
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1129.
2020-09-11
9.3
CVE-2020-1319
N/A
microsoft — windows_10
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’.
2020-09-11
9.3
CVE-2020-1285
N/A
microsoft — windows_10
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1039.
2020-09-11
9.3
CVE-2020-1074
N/A
microsoft — windows_10
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1074.
2020-09-11
9.3
CVE-2020-1039
N/A
microsoft — windows_10
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’.
2020-09-11
9.3
CVE-2020-0997
N/A
MISC
microsoft — windows_10
A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka ‘Microsoft COM for Windows Remote Code Execution Vulnerability’.
2020-09-11
9.3
CVE-2020-0922
N/A
microsoft — windows_10
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka ‘Windows Defender Application Control Security Feature Bypass Vulnerability’.
2020-09-11
7.2
CVE-2020-0951
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates, aka ‘Group Policy Elevation of Privilege Vulnerability’.
2020-09-11
9.3
CVE-2020-1013
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka ‘Shell infrastructure component Elevation of Privilege Vulnerability’.
2020-09-11
7.2
CVE-2020-0870
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1053.
2020-09-11
7.2
CVE-2020-1308
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’.
2020-09-11
7.2
CVE-2020-1245
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka ‘NTFS Elevation of Privilege Vulnerability’.
2020-09-11
7.2
CVE-2020-0838
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka ‘Windows Print Spooler Elevation of Privilege Vulnerability’.
2020-09-11
7.2
CVE-2020-1030
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’.
2020-09-11
7.2
CVE-2020-0998
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’.
2020-09-11
7.2
CVE-2020-1034
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka ‘Windows Modules Installer Elevation of Privilege Vulnerability’.
2020-09-11
7.2
CVE-2020-0911
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1559.
2020-09-11
7.2
CVE-2020-0886
N/A
projectworlds — house_rental
Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request.
2020-09-15
7.5
CVE-2020-23833
MISC
MISC
MISC
Back to top
Medium Vulnerabilities
Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info
accesspressthemes — wp_floating_menu
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
2020-09-14
4.3
CVE-2020-25378
MISC
apache — cocoon
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
2020-09-11
5
CVE-2020-11991
MISC
apache — struts
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
2020-09-14
5
CVE-2019-0233
MISC
argosoft — mail_server
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF.
2020-09-11
6.8
CVE-2020-23824
MISC
atlassian — jira
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.
2020-09-17
5
CVE-2020-14181
MISC
blackcat-cms — blackcat_cms
An issue was discovered in BlackCat CMS v.1.3.6. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.
2020-09-15
6.8
CVE-2020-25453
MISC
bluetooth — bluetooth_core_specification
Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.
2020-09-11
4.3
CVE-2020-15802
MISC
MISC
codoforum — codoforum
Codoforum 4.8.3 allows HTML Injection in the ‘admin dashboard Manage users Section.’
2020-09-14
4.3
CVE-2020-21845
MISC
MISC
cryptsetup_project — cryptsetup
A vulnerability was found in upstream release cryptsetup-2.2.0 where, there’s a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file ‘lib/luks2/luks2_json_metadata.c’ in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement “intervals = malloc(first_backup * sizeof(*intervals));”). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.
2020-09-16
6.8
CVE-2020-14382
MISC
FEDORA
UBUNTU
ctolog — thinkadmin
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
2020-09-14
5
CVE-2020-25540
MISC
MISC
MISC
dataiku — data_science_studio
Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the “Created by” metadata.
2020-09-14
5.5
CVE-2020-8817
MISC
CONFIRM
ericsson — rx8200_firmware
Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the “path” or “Services+ID” parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the “name” parameter with the malicious code.
2020-09-14
4.3
CVE-2020-22158
MISC
gazie_project — gazie
Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code.
2020-09-14
4.3
CVE-2020-21731
MISC
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password.
2020-09-14
6.5
CVE-2020-13302
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line.
2020-09-14
4
CVE-2020-13316
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues
2020-09-14
4
CVE-2020-13287
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance.
2020-09-15
4
CVE-2020-13308
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.
2020-09-14
4
CVE-2020-13313
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project.
2020-09-15
4
CVE-2020-13303
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface.
2020-09-14
4
CVE-2020-13311
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.
2020-09-14
4
CVE-2020-13310
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository.
2020-09-14
4
CVE-2020-13317
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project.
2020-09-14
4
CVE-2020-13305
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token
2020-09-14
5.5
CVE-2020-13284
CONFIRM
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack.
2020-09-14
4.9
CVE-2020-13318
CONFIRM
MISC
gitlab — gitlab
GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
2020-09-14
6.4
CVE-2020-13300
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated.
2020-09-14
5.5
CVE-2020-13289
CONFIRM
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.
2020-09-14
5
CVE-2020-13312
CONFIRM
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access.
2020-09-15
6
CVE-2020-13307
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages.
2020-09-14
5
CVE-2020-13314
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session.
2020-09-14
5.5
CVE-2020-13299
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint.
2020-09-14
4.9
CVE-2020-13297
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.
2020-09-14
5
CVE-2020-13306
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure.
2020-09-14
5
CVE-2020-13298
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions.
2020-09-14
6.5
CVE-2020-13304
CONFIRM
MISC
MISC
gonitro — nitro_pro
An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an ‘ICCBased’ colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.
2020-09-16
6.8
CVE-2020-6146
MISC
google — android
In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155646800
2020-09-18
4.6
CVE-2020-0273
MISC
google — android
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020).
2020-09-11
5
CVE-2020-25281
MISC
google — android
In NFC, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146453119
2020-09-18
4.6
CVE-2020-0326
MISC
google — android
In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479
2020-09-18
5
CVE-2020-0286
MISC
gradle — enterprise
An issue was discovered in Gradle Enterprise 2017.3 – 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 – 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path.
2020-09-18
5
CVE-2020-15768
MISC
CONFIRM
gradle — enterprise
An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive failed login attempts. This allows a remote attacker to conduct brute-force guessing of a local user’s password.
2020-09-18
5
CVE-2020-15770
MISC
CONFIRM
gradle — enterprise
An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the anti-CSRF cookie allows an attacker (with the ability to read HTTP traffic) to obtain a user’s anti-CSRF token if the user initiates a cleartext HTTP request.
2020-09-18
4.3
CVE-2020-15767
MISC
CONFIRM
gradle — enterprise
An issue was discovered in Gradle Enterprise 2018.2 – 2020.2.4. CSRF mitigation can be bypassed because the anti-CSRF token is in a cleartext cookie.
2020-09-18
6.8
CVE-2020-15776
MISC
CONFIRM
gradle — enterprise
An issue was discovered in Gradle Enterprise 2020.2 – 2020.2.4. An XSS issue exists via the request URL.
2020-09-18
4.3
CVE-2020-15769
MISC
CONFIRM
gradle — enterprise
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. CSRF mitigation can be bypassed because cross-site transmission of a cookie (containing a CSRF token) can occur.
2020-09-18
5
CVE-2020-15771
MISC
CONFIRM
gradle — enterprise
An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. Because of implicitly remembered user-login information, physically proximate attackers can use a user session after browser closure.
2020-09-18
4.6
CVE-2020-15774
MISC
CONFIRM
gradle — enterprise
An issue was discovered in Gradle Enterprise 2017.1 – 2020.2.4. Unrestricted access to a high-level system-usage summary allows an attacker to obtain project names and usage metrics.
2020-09-18
5
CVE-2020-15775
MISC
CONFIRM
gradle — enterprise
An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.
2020-09-18
4
CVE-2020-15773
MISC
CONFIRM
gradle — enterprise
An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. There is XXE with resultant SSRF via an uploaded SAML IDP configuration.
2020-09-18
4
CVE-2020-15772
MISC
CONFIRM
hyland — onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. PKI certificates have a private key that is the same across different customers’ installations.
2020-09-11
6.4
CVE-2020-25256
MISC
hyland — onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.
2020-09-11
6.4
CVE-2020-25251
MISC
hyland — onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations.
2020-09-11
5
CVE-2020-25249
MISC
hyland — onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry.
2020-09-11
5
CVE-2020-25255
MISC
hyland — onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account).
2020-09-11
6.8
CVE-2020-25252
MISC
ibm — maximo_asset_management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437.
2020-09-15
6.5
CVE-2019-4671
XF
CONFIRM
ibm — maximo_asset_management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.
2020-09-15
4.3
CVE-2020-4526
XF
CONFIRM
ibm — spectrum_protect_plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.
2020-09-15
6
CVE-2020-4703
XF
CONFIRM
ibm — spectrum_protect_plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501.
2020-09-15
4
CVE-2020-4711
XF
CONFIRM
inspircd — inspircd
An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server.
2020-09-11
6.8
CVE-2019-20918
MISC
MISC
MISC
inspircd — inspircd
An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.
2020-09-11
6.8
CVE-2019-20917
MISC
MISC
MISC
MLIST
DEBIAN
inspircd — inspircd
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.
2020-09-11
6.8
CVE-2020-25269
MISC
MISC
MISC
MLIST
DEBIAN
istio-operator_project — istio-operator
An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
2020-09-16
6.5
CVE-2020-14306
MISC
MISC
jenkins — blue_ocean
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
2020-09-16
4
CVE-2020-2255
MLIST
CONFIRM
jenkins — copy_data_to_workspace
Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.
2020-09-16
4
CVE-2020-2275
MLIST
CONFIRM
jenkins — elastest
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
2020-09-16
4.3
CVE-2020-2273
MLIST
CONFIRM
jenkins — elastest
A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
2020-09-16
4
CVE-2020-2272
MLIST
CONFIRM
jenkins — email_extension
Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.
2020-09-16
5.8
CVE-2020-2253
MLIST
CONFIRM
jenkins — health_advisor_by_cloudbees
Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.
2020-09-16
4
CVE-2020-2258
MLIST
CONFIRM
jenkins — mailer
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
2020-09-16
5.8
CVE-2020-2252
MLIST
CONFIRM
jenkins — mongodb
A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
2020-09-16
4
CVE-2020-2267
MLIST
CONFIRM
jenkins — perfecto
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.
2020-09-16
4
CVE-2020-2260
MLIST
CONFIRM
jenkins — perfecto
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller
2020-09-16
6.5
CVE-2020-2261
MLIST
CONFIRM
jenkins — storable_configs
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.
2020-09-16
4
CVE-2020-2277
MLIST
CONFIRM
jenkins — storable_configs
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other ‘.xml’ file on the Jenkins controller with a job config.xml file’s content.
2020-09-16
4
CVE-2020-2278
MLIST
CONFIRM
kaiostech — kaios
An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application’s UI as soon as the email is opened. At a bare minimum, this allows an attacker to take control over the Email application’s UI (e.g., display a malicious prompt to the user asking them to re-enter their email credentials) and also allows an attacker to abuse any of the privileges available to the mobile application.
2020-09-14
4.3
CVE-2019-14756
MISC
kaiostech — kaios
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application (assuming the victim chooses to import the file). At a bare minimum, this allows an attacker to take control over the Contacts application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application.
2020-09-14
4.3
CVE-2019-14757
MISC
MISC
kaiostech — kaios
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application (assuming the victim chooses to download the email attachment). At a bare minimum, this allows an attacker to take control over the File Manager application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application.
2020-09-14
4.3
CVE-2019-14758
MISC
MISC
kingsoft — wps_office
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
2020-09-13
6.8
CVE-2020-25291
MISC
linux — linux_kernel
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
2020-09-13
4.4
CVE-2020-25285
MISC
MISC
MISC
linux4sam — at91bootstrap
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader).
2020-09-14
6.4
CVE-2020-11684
MISC
MISC
linux4sam — at91bootstrap
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.
2020-09-14
4.6
CVE-2020-11683
MISC
MISC
mcafee — email_gateway
Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory.
2020-09-16
4
CVE-2020-7268
MISC
mcafee — web_gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.
2020-09-15
4.1
CVE-2020-7295
CONFIRM
mcafee — web_gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.
2020-09-15
4.1
CVE-2020-7294
CONFIRM
microchip — atsama5d21c-cu_firmware
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.
2020-09-14
5
CVE-2020-12788
MISC
microchip — atsama5d21c-cu_firmware
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.
2020-09-14
4.3
CVE-2020-12789
MISC
microchip — atsama5d21c-cu_firmware
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
2020-09-14
4.3
CVE-2020-12787
MISC
microsoft — 365_apps
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka ‘Microsoft Excel Information Disclosure Vulnerability’.
2020-09-11
4.3
CVE-2020-1224
N/A
microsoft — 365_apps
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1338.
2020-09-11
6.8
CVE-2020-1218
N/A
microsoft — 365_apps
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1218.
2020-09-11
6.8
CVE-2020-1338
N/A
microsoft — asp.net_core
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka ‘Microsoft ASP.NET Core Security Feature Bypass Vulnerability’.
2020-09-11
5
CVE-2020-1045
FEDORA
N/A
microsoft — dynamics_365
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16860.
2020-09-11
6.5
CVE-2020-16862
N/A
microsoft — dynamics_365
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16862.
2020-09-11
6.5
CVE-2020-16860
N/A
microsoft — dynamics_365_for_finance_and_operations
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka ‘Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability’.
2020-09-11
6.5
CVE-2020-16857
N/A
microsoft — edge
A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka ‘Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability’.
2020-09-11
6.8
CVE-2020-16884
N/A
microsoft — internet_explorer
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ‘Microsoft Browser Memory Corruption Vulnerability’.
2020-09-11
5.1
CVE-2020-0878
N/A
microsoft — internet_explorer
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka ‘Windows Start-Up Application Elevation of Privilege Vulnerability’.
2020-09-11
6.8
CVE-2020-1506
N/A
microsoft — internet_explorer
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka ‘WinINet API Elevation of Privilege Vulnerability’.
2020-09-11
6.8
CVE-2020-1012
N/A
microsoft — office
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka ‘Microsoft Office Information Disclosure Vulnerability’.
2020-09-11
4.3
CVE-2020-16855
N/A
microsoft — sharepoint_enterprise_server
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’.
2020-09-11
4.9
CVE-2020-1205
N/A
microsoft — sharepoint_enterprise_server
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka ‘Microsoft SharePoint Server Remote Code Execution Vulnerability’.
2020-09-11
6.5
CVE-2020-1460
N/A
microsoft — sharepoint_enterprise_server
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka ‘Microsoft SharePoint Server Tampering Vulnerability’. This CVE ID is unique from CVE-2020-1523.
2020-09-11
4
CVE-2020-1440
N/A
microsoft — sharepoint_server
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka ‘Microsoft SharePoint Server Tampering Vulnerability’. This CVE ID is unique from CVE-2020-1440.
2020-09-11
4
CVE-2020-1523
N/A
microsoft — sql_server_reporting_services
A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports, aka ‘SQL Server Reporting Services Security Feature Bypass Vulnerability’.
2020-09-11
4
CVE-2020-1044
N/A
microsoft — visual_studio
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1133.
2020-09-11
4.6
CVE-2020-1130
N/A
microsoft — visual_studio
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1130.
2020-09-11
4.6
CVE-2020-1133
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-0912
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1052, CVE-2020-1159.
2020-09-11
4.6
CVE-2020-1376
N/A
microsoft — windows_10
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1319.
2020-09-11
6.8
CVE-2020-1129
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Microsoft Store Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0766.
2020-09-11
4.6
CVE-2020-1146
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1052, CVE-2020-1376.
2020-09-11
4.6
CVE-2020-1159
N/A
microsoft — windows_10
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’.
2020-09-11
6.8
CVE-2020-1252
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka ‘Windows Function Discovery Service Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-1491
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows InstallService Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-1532
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1303.
2020-09-11
6.8
CVE-2020-1169
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka ‘Windows Win32k Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-1152
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1308.
2020-09-11
4.6
CVE-2020-1053
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-1115
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka ‘Windows Shell Infrastructure Component Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-1098
N/A
microsoft — windows_10
A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory, aka ‘Windows Routing Utilities Denial of Service’.
2020-09-11
4.9
CVE-2020-1038
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1159, CVE-2020-1376.
2020-09-11
4.6
CVE-2020-1052
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects, aka ‘Windows CloudExperienceHost Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-1471
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka ‘Windows dnsrslvr.dll Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-0839
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka ‘Microsoft COM for Windows Elevation of Privilege Vulnerability’.
2020-09-11
6.8
CVE-2020-1507
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1091.
2020-09-11
4.3
CVE-2020-1097
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1097.
2020-09-11
4.3
CVE-2020-1091
N/A
microsoft — windows_10
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka ‘Windows Media Audio Decoder Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1508.
2020-09-11
6.8
CVE-2020-1593
N/A
microsoft — windows_10
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-0790
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka ‘Windows UPnP Service Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-1598
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.
2020-09-11
4.3
CVE-2020-1256
N/A
microsoft — windows_10
An information disclosure vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Information Disclosure Vulnerability’.
2020-09-11
4.3
CVE-2020-0875
N/A
microsoft — windows_10
An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server, aka ‘Windows DHCP Server Information Disclosure Vulnerability’.
2020-09-11
5
CVE-2020-1031
N/A
microsoft — windows_10
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0904.
2020-09-11
4.9
CVE-2020-0890
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0886.
2020-09-11
4.6
CVE-2020-1559
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1169.
2020-09-11
6.8
CVE-2020-1303
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka ‘Windows Language Pack Installer Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-1122
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows RSoP Service Application Elevation of Privilege Vulnerability’.
2020-09-11
4.6
CVE-2020-0648
N/A
microsoft — windows_10
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Microsoft Store Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1146.
2020-09-11
4.6
CVE-2020-0766
N/A
microsoft — windows_10
A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka ‘ADFS Spoofing Vulnerability’.
2020-09-11
4
CVE-2020-0837
N/A
microsoft — windows_server_2008
An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0856.
2020-09-11
4
CVE-2020-0664
N/A
microsoft — windows_server_2008
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka ‘Windows DNS Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0836.
2020-09-11
4
CVE-2020-1228
N/A
microsoft — windows_server_2008
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0761.
2020-09-11
6.5
CVE-2020-0718
N/A
microsoft — windows_server_2008
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka ‘Windows DNS Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-1228.
2020-09-11
5
CVE-2020-0836
N/A
microsoft — windows_server_2008
An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0664.
2020-09-11
4
CVE-2020-0856
N/A
microsoft — windows_server_2008
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0718.
2020-09-11
6.5
CVE-2020-0761
N/A
microsoft — xamarin.forms
A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106, aka ‘Xamarin.Forms Spoofing Vulnerability’.
2020-09-11
6.8
CVE-2020-16873
N/A
mikrotik — routeros
An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.
2020-09-14
5
CVE-2020-11881
MISC
MISC
perl — dbi
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
2020-09-11
5
CVE-2013-7490
MISC
MISC
MISC
UBUNTU
perl — dbi
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.
2020-09-11
5
CVE-2013-7491
MISC
MISC
MISC
perl — dbi
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
2020-09-11
5
CVE-2014-10401
MISC
MISC
MISC
UBUNTU
perl — dbi
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
2020-09-17
5
CVE-2019-20919
MISC
MISC
philips — patient_information_center_ix
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.
2020-09-11
4.6
CVE-2020-16212
MISC
philips — patient_information_center_ix
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.
2020-09-11
5.2
CVE-2020-16228
MISC
philips — patient_information_center_ix
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.
2020-09-11
5.8
CVE-2020-16222
MISC
philips — patient_information_center_ix
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.
2020-09-11
5.8
CVE-2020-16214
MISC
philips — patient_information_center_ix
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.
2020-09-11
6.1
CVE-2020-16216
MISC
pligg_project — pligg
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request.
2020-09-13
6.5
CVE-2020-25287
MISC
primekey — ejbca
An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.)
2020-09-11
6.8
CVE-2020-25276
MISC
qnap — helpdesk
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.
2020-09-11
4
CVE-2018-19947
MISC
qnap — helpdesk
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.
2020-09-11
4.3
CVE-2018-19948
MISC
qnap — helpdesk
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.
2020-09-11
4.3
CVE-2018-19946
MISC
rails — action_view
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View’s translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.
2020-09-11
4.3
CVE-2020-15169
CONFIRM
recall-products_project — recall-products
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the ‘Manufacturer[]’ parameter which allows an authenticated attacker to inject a malicious SQL query.
2020-09-14
6.5
CVE-2020-25379
MISC
rukovoditel — rukovoditel
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
2020-09-14
4.3
CVE-2020-21732
MISC
MISC
MISC
sagemcom — f@st_3686_firmware
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
2020-09-14
4.3
CVE-2020-21733
MISC
MISC
MISC
MISC
spiceworks — spiceworks
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via “/settings/v1/users” function.
2020-09-15
6.8
CVE-2020-23451
MISC
MISC
taoensso — nippy
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.
2020-09-11
6.8
CVE-2020-24164
MISC
vtenext — vtenext
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
2020-09-14
6.5
CVE-2020-10228
MISC
MISC
MISC
vtenext — vtenext
A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.
2020-09-14
4.3
CVE-2020-10227
MISC
MISC
MISC
vtenext — vtenext
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator’s behalf, such as uploading files, adding users, and deleting accounts.
2020-09-14
6.8
CVE-2020-10229
MISC
MISC
MISC
wibu — codemeter
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
2020-09-16
5
CVE-2020-16233
MISC
wordpress — wordpress
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.
2020-09-13
5
CVE-2020-25286
MISC
MISC
x.org — libx11
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
2020-09-11
4.6
CVE-2020-14363
CONFIRM
MISC
UBUNTU
x.org — xorg-server
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
2020-09-15
4.6
CVE-2020-14346
MISC
MISC
UBUNTU
x.org — xorg-server
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
2020-09-15
4.6
CVE-2020-14362
MISC
MISC
UBUNTU
x.org — xorg-server
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
2020-09-15
4.6
CVE-2020-14361
MISC
MISC
UBUNTU
zeromq — libzmq
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.
2020-09-11
5
CVE-2020-15166
MISC
MISC
CONFIRM
GENTOO
Back to top
Low Vulnerabilities
Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info
avast — secureline_vpn
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
2020-09-13
2.1
CVE-2020-25289
MISC
canonical — ubuntu-ui-toolkit
On desktop, Ubuntu UI Toolkit’s StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1.
2020-09-11
2.1
CVE-2014-1420
UBUNTU
UBUNTU
elementor — elementor_page_builder
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes.
2020-09-16
3.5
CVE-2020-20406
MISC
elkarbackup — elkarbackup
A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter
2020-09-15
3.5
CVE-2020-24924
MISC
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page.
2020-09-14
3.5
CVE-2020-13301
CONFIRM
MISC
MISC
google — android
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645695
2020-09-18
2.1
CVE-2020-0304
MISC
google — android
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188779
2020-09-18
2.1
CVE-2020-0349
MISC
google — android
In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145079309
2020-09-18
2.1
CVE-2020-0325
MISC
google — android
In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device’s IMEI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147309310
2020-09-18
2.1
CVE-2020-0331
MISC
google — android
In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934919
2020-09-18
2.1
CVE-2020-0316
MISC
google — android
In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913130
2020-09-18
2.1
CVE-2020-0263
MISC
google — android
In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155642026
2020-09-18
2.1
CVE-2020-0315
MISC
google — android
In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154917989
2020-09-18
2.1
CVE-2020-0313
MISC
google — android
In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878642
2020-09-18
2.1
CVE-2020-0311
MISC
google — android
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356468
2020-09-18
2.1
CVE-2020-0310
MISC
google — android
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645867
2020-09-18
2.1
CVE-2020-0307
MISC
google — android
In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151646375
2020-09-18
2.1
CVE-2020-0302
MISC
google — android
In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130166487
2020-09-18
2.1
CVE-2020-0272
MISC
google — android
In Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155650969
2020-09-18
2.1
CVE-2020-0295
MISC
google — android
In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129151407
2020-09-18
2.1
CVE-2020-0327
MISC
google — android
In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839
2020-09-18
2.1
CVE-2020-0265
MISC
google — android
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626
2020-09-18
2.1
CVE-2020-0269
MISC
google — android
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146032016
2020-09-18
2.1
CVE-2020-0291
MISC
google — android
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253586
2020-09-18
2.1
CVE-2020-0276
MISC
google — android
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253784
2020-09-18
2.1
CVE-2020-0284
MISC
google — android
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253479
2020-09-18
2.1
CVE-2020-0285
MISC
google — android
In the wallpaper manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154915372
2020-09-18
2.1
CVE-2020-0294
MISC
google — android
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-110107252
2020-09-18
2.1
CVE-2020-0292
MISC
huawei — bla-a09_firmware
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab
2020-09-11
2.1
CVE-2020-9239
MISC
ibm — business_automation_workflow
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714.
2020-09-15
3.5
CVE-2020-4530
XF
CONFIRM
ibm — tivoli_business_service_manager
IBM Tivoli Business Service Manager 6.2.0.0 – 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.
2020-09-15
2.1
CVE-2020-4344
XF
CONFIRM
jenkins — android_lint
Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin’s post-build step.
2020-09-16
3.5
CVE-2020-2262
MLIST
CONFIRM
jenkins — blue_ocean
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
2020-09-16
3.5
CVE-2020-2254
MLIST
CONFIRM
jenkins — chosen-views-tabbar
Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views.
2020-09-16
3.5
CVE-2020-2269
MLIST
CONFIRM
jenkins — clearcase_release
Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
2020-09-16
3.5
CVE-2020-2270
MLIST
CONFIRM
jenkins — computer_queue
Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
2020-09-16
3.5
CVE-2020-2259
MLIST
CONFIRM
jenkins — coverage/complexity_scatter_plot
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin’s post-build step.
2020-09-16
3.5
CVE-2020-2265
MLIST
CONFIRM
jenkins — custom_job_icon
Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
2020-09-16
3.5
CVE-2020-2264
MLIST
CONFIRM
jenkins — description_column
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
2020-09-16
3.5
CVE-2020-2266
MLIST
CONFIRM
jenkins — elastest
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
2020-09-16
2.1
CVE-2020-2274
MLIST
CONFIRM
jenkins — locked_files_report
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files’ names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
2020-09-16
3.5
CVE-2020-2271
MLIST
CONFIRM
jenkins — pipeline_maven_integration
Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
2020-09-16
3.5
CVE-2020-2256
MLIST
CONFIRM
jenkins — radiator_view
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
2020-09-16
3.5
CVE-2020-2263
MLIST
CONFIRM
jenkins — validating_string_parameter
Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
2020-09-16
3.5
CVE-2020-2257
MLIST
CONFIRM
kaiostech — kaios
An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application.
2020-09-14
1.9
CVE-2019-14759
MISC
kaiostech — kaios
An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker to take control over the Recorder application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application.
2020-09-14
1.9
CVE-2019-14760
MISC
MISC
kaiostech — kaios
An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. At a bare minimum, this allows an attacker to take control over the Note application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application.
2020-09-14
1.9
CVE-2019-14761
MISC
MISC
linux — linux_kernel
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
2020-09-13
2.1
CVE-2020-25284
MISC
MISC
mcafee — web_gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.
2020-09-16
2.7
CVE-2020-7297
MISC
mcafee — web_gateway
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.
2020-09-15
2.7
CVE-2020-7296
CONFIRM
microsoft — onedrive
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16851, CVE-2020-16853.
2020-09-11
3.6
CVE-2020-16852
N/A
microsoft — onedrive
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16851, CVE-2020-16852.
2020-09-11
3.6
CVE-2020-16853
N/A
microsoft — onedrive
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16852, CVE-2020-16853.
2020-09-11
3.6
CVE-2020-16851
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Information Disclosure Vulnerability’.
2020-09-11
2.1
CVE-2020-0914
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0941.
2020-09-11
2.1
CVE-2020-1250
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1250.
2020-09-11
2.1
CVE-2020-0941
N/A
microsoft — windows_10
An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka ‘Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability’.
2020-09-11
2.1
CVE-2020-0989
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854.
2020-09-11
2.1
CVE-2020-1033
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0921.
2020-09-11
2.1
CVE-2020-1083
N/A
microsoft — windows_10
An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory, aka ‘Windows Information Disclosure Vulnerability’.
2020-09-11
2.1
CVE-2020-1119
N/A
microsoft — windows_10
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0890.
2020-09-11
2.1
CVE-2020-0904
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-16854.
2020-09-11
2.1
CVE-2020-1592
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1033, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854.
2020-09-11
2.1
CVE-2020-0928
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-1592.
2020-09-11
2.1
CVE-2020-16854
N/A
microsoft — windows_10
An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka ‘Projected Filesystem Information Disclosure Vulnerability’.
2020-09-11
2.1
CVE-2020-16879
N/A
microsoft — windows_10
A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka ‘Projected Filesystem Security Feature Bypass Vulnerability’.
2020-09-11
2.1
CVE-2020-0805
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1592, CVE-2020-16854.
2020-09-11
2.1
CVE-2020-1589
N/A
microsoft — windows_10
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1083.
2020-09-11
2.1
CVE-2020-0921
N/A
philips — patient_information_center_ix
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.
2020-09-11
2.7
CVE-2020-16218
MISC
philips — patient_information_center_ix
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart.
2020-09-11
3.3
CVE-2020-16224
MISC
philips — patient_information_center_ix
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.
2020-09-11
3.3
CVE-2020-16220
MISC
recall-products_project — recall-products
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the ‘Recall Settings’ field in admin.php. An attacker can inject JavaScript code that will be stored and executed.
2020-09-14
3.5
CVE-2020-25380
MISC
redhat — ansible_engine
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
2020-09-11
2.1
CVE-2020-14330
CONFIRM
MISC
softrade — wp_smart_crm_&_invoices
Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field.
2020-09-14
3.5
CVE-2020-25375
MISC
Back to top
Severity Not Yet Assigned
Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info
1crm — 1crm_system
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL.
2020-09-18
not yet calculated
CVE-2020-15958
MISC
MISC
MISC
MISC
adobe — media_encoder
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
2020-09-18
not yet calculated
CVE-2020-9745
MISC
adobe — media_encoder
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
2020-09-18
not yet calculated
CVE-2020-9739
MISC
adobe — media_encoder
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
2020-09-18
not yet calculated
CVE-2020-9744
MISC
alfresco — alfresco
The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field.
2020-09-17
not yet calculated
CVE-2020-25727
MISC
alfresco — alfresco
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user’s account password include the admin account.
2020-09-17
not yet calculated
CVE-2020-25728
MISC
alfresco — alfresco
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin’s access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0
2020-09-18
not yet calculated
CVE-2020-15181
MISC
CONFIRM
amq — online_console
It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user’s AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.
2020-09-16
not yet calculated
CVE-2020-14348
MISC
apache — airflow
In Apache Airflow < 1.10.12, the “origin” parameter passed to some of the endpoints like ‘/trigger’ was vulnerable to XSS exploit.
2020-09-17
not yet calculated
CVE-2020-13944
MISC
apache — atlas
Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.
2020-09-16
not yet calculated
CVE-2020-13928
MISC
apache — superset
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, environment variables, and process information. Additionally it was possible to set environment variables for the current process, create and update files in folders writable by the web process, and execute arbitrary programs accessible by the web process. All other operations available to the `os` package in Python were also available, even if not explicitly enumerated in this CVE.
2020-09-17
not yet calculated
CVE-2020-13948
MISC
apache — syncope
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.
2020-09-15
not yet calculated
CVE-2020-11977
MISC
bosch — smart_home_system
Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack.
2020-09-16
not yet calculated
CVE-2020-6781
MISC
buffalo — airstation_whr-g54s
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
2020-09-18
not yet calculated
CVE-2020-5605
MISC
MISC
buffalo — airstation_whr-g54s
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
2020-09-18
not yet calculated
CVE-2020-5606
MISC
MISC
citrix — multiple_products
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.
2020-09-18
not yet calculated
CVE-2020-8245
MISC
citrix — multiple_products
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.
2020-09-18
not yet calculated
CVE-2020-8246
MISC
citrix — multiple_products
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.
2020-09-18
not yet calculated
CVE-2020-8247
MISC
citrix — multiple_xenmobile_servers
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.
2020-09-18
not yet calculated
CVE-2020-8253
MISC
citrix — storefront_server
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
2020-09-18
not yet calculated
CVE-2020-8200
MISC
colin_percival — bsdiff
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.
2020-09-16
not yet calculated
CVE-2020-14315
MISC
MISC
MISC
d-link — dir-816L_and_dir-803_devices
** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.
2020-09-19
not yet calculated
CVE-2020-25786
MISC
MISC
dotplant2 — dotplant2
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST[‘xml’]) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2020-09-18
not yet calculated
CVE-2020-25750
MISC
elkarbackup — elkarbackup
A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php
2020-09-15
not yet calculated
CVE-2020-24925
MISC
MISC
ewon — flexy_and_cosy
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.
2020-09-18
not yet calculated
CVE-2020-16230
MISC
fasterxml — jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
2020-09-17
not yet calculated
CVE-2020-24750
MISC
freebox — freebox_hd
A DNS rebinding vulnerability in Freebox HD before 1.5.29.
2020-09-16
not yet calculated
CVE-2020-24374
MISC
freebox — freebox_server
A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3.
2020-09-16
not yet calculated
CVE-2020-24377
MISC
freebox — upnp_idg
A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox Server before 4.2.3.
2020-09-16
not yet calculated
CVE-2020-24376
MISC
freebox — upnp_mediaserver
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
2020-09-16
not yet calculated
CVE-2020-24373
MISC
fwupd — fwupd
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.
2020-09-15
not yet calculated
CVE-2020-10759
MISC
MISC
gallagher — command_centre
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers.
2020-09-15
not yet calculated
CVE-2020-16097
MISC
gallagher — command_centre
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.
2020-09-15
not yet calculated
CVE-2020-16096
MISC
gallagher — command_centre
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.
2020-09-15
not yet calculated
CVE-2020-16101
MISC
gallagher — command_centre
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service’s DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.
2020-09-15
not yet calculated
CVE-2020-16100
MISC
gallagher — command_centre
In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect.
2020-09-15
not yet calculated
CVE-2020-16099
MISC
gallagher — command_centre
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported.
2020-09-15
not yet calculated
CVE-2020-16098
MISC
genexis — platinum_4410
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.
2020-09-16
not yet calculated
CVE-2020-25015
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service.
2020-09-14
not yet calculated
CVE-2020-13315
CONFIRM
MISC
MISC
gitlab — gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature.
2020-09-14
not yet calculated
CVE-2020-13309
CONFIRM
MISC
MISC
gnuplot — gnuplot
gnuplot 5.4 is affected by a segmentation fault in com_line () at command.c, which may result in context-dependent arbitrary code execution.
2020-09-16
not yet calculated
CVE-2020-25412
MISC
gnuplot — gnuplot
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.
2020-09-16
not yet calculated
CVE-2020-25559
MISC
google — android_10_and_11_devices
In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157598026
2020-09-17
not yet calculated
CVE-2020-0390
MISC
google — android_10_and_11_devices
In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488
2020-09-17
not yet calculated
CVE-2020-0382
MISC
google — android_10_and_11_devices
In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-156123285
2020-09-17
not yet calculated
CVE-2020-0388
MISC
google — android_10_and_11_devices
In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156959408
2020-09-17
not yet calculated
CVE-2020-0389
MISC
google — android_11_devices
In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150331085
2020-09-17
not yet calculated
CVE-2020-0330
MISC
google — android_11_devices
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144506224
2020-09-18
not yet calculated
CVE-2020-0282
MISC
google — android_11_devices
In libmedia, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132274514
2020-09-17
not yet calculated
CVE-2020-0363
MISC
google — android_11_devices
In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139128211
2020-09-17
not yet calculated
CVE-2020-0267
MISC
google — android_11_devices
In UrlQuerySanitizer, there is a possible improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-73822755
2020-09-17
not yet calculated
CVE-2020-0333
MISC
google — android_11_devices
In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-111086459
2020-09-17
not yet calculated
CVE-2020-0266
MISC
google — android_11_devices
In libDRCdec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151927433
2020-09-17
not yet calculated
CVE-2020-0361
MISC
google — android_11_devices
In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-33646131
2020-09-18
not yet calculated
CVE-2020-0318
MISC
google — android_11_devices
In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144920149
2020-09-17
not yet calculated
CVE-2020-0341
MISC
google — android_11_devices
In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145130119
2020-09-18
not yet calculated
CVE-2020-0299
MISC
google — android_11_devices
In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925
2020-09-17
not yet calculated
CVE-2020-0274
MISC
google — android_11_devices
In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144286721
2020-09-17
not yet calculated
CVE-2020-0345
MISC
google — android_11_devices
In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139666480
2020-09-17
not yet calculated
CVE-2020-0306
MISC
google — android_11_devices
In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153654357
2020-09-17
not yet calculated
CVE-2020-0308
MISC
google — android_11_devices
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137868765
2020-09-18
not yet calculated
CVE-2020-0319
MISC
google — android_11_devices
In libFraunhoferAAC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141883493
2020-09-17
not yet calculated
CVE-2020-0355
MISC
google — android_11_devices
In ActivityManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119673147
2020-09-17
not yet calculated
CVE-2020-0372
MISC
google — android_11_devices
In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150227563
2020-09-17
not yet calculated
CVE-2020-0358
MISC
google — android_11_devices
In libDRCdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282770
2020-09-17
not yet calculated
CVE-2020-0364
MISC
google — android_11_devices
In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147002762
2020-09-17
not yet calculated
CVE-2020-0346
MISC
google — android_11_devices
In SyncManager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154921790
2020-09-17
not yet calculated
CVE-2020-0426
MISC
google — android_11_devices
In AudioService, there are missing permission checks. This could lead to local information disclosure of audio configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934920
2020-09-17
not yet calculated
CVE-2020-0314
MISC
google — android_11_devices
In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145129266
2020-09-18
not yet calculated
CVE-2020-0298
MISC
google — android_11_devices
In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145129456
2020-09-17
not yet calculated
CVE-2020-0360
MISC
google — android_11_devices
There is a possible way to view notifications even when the “Lockdown” feature is on. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124000380
2020-09-17
not yet calculated
CVE-2020-0425
MISC
google — android_11_devices
In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123237930
2020-09-17
not yet calculated
CVE-2020-0362
MISC
google — android_11_devices
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188582
2020-09-18
not yet calculated
CVE-2020-0348
MISC
google — android_11_devices
In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150225569
2020-09-17
not yet calculated
CVE-2020-0357
MISC
google — android_11_devices
In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143787559
2020-09-17
not yet calculated
CVE-2020-0356
MISC
google — android_11_devices
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143604331
2020-09-18
not yet calculated
CVE-2020-0354
MISC
google — android_11_devices
In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124777526
2020-09-17
not yet calculated
CVE-2020-0353
MISC
google — android_11_devices
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310
2020-09-17
not yet calculated
CVE-2020-0352
MISC
google — android_11_devices
In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124777537
2020-09-17
not yet calculated
CVE-2020-0351
MISC
google — android_11_devices
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139424089
2020-09-18
not yet calculated
CVE-2020-0350
MISC
google — android_11_devices
In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148736216
2020-09-18
not yet calculated
CVE-2020-0300
MISC
google — android_11_devices
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124329382
2020-09-17
not yet calculated
CVE-2020-0337
MISC
google — android_11_devices
In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136658008
2020-09-18
not yet calculated
CVE-2020-0347
MISC
google — android_11_devices
In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-116718596
2020-09-17
not yet calculated
CVE-2020-0264
MISC
google — android_11_devices
In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111
2020-09-18
not yet calculated
CVE-2020-0405
MISC
google — android_11_devices
In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if another exploit allowed this to be triggered with different parameters, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137794014
2020-09-17
not yet calculated
CVE-2020-0406
MISC
google — android_11_devices
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253476
2020-09-17
not yet calculated
CVE-2020-0375
MISC
google — android_11_devices
In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602
2020-09-17
not yet calculated
CVE-2020-0374
MISC
google — android_11_devices
In SoundTriggerHwService, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146894086
2020-09-17
not yet calculated
CVE-2020-0373
MISC
google — android_11_devices
In libAACdec, there is a possible out of bounds read due to missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-112051700
2020-09-17
not yet calculated
CVE-2020-0370
MISC
google — android_11_devices
In libavb, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130231426
2020-09-17
not yet calculated
CVE-2020-0369
MISC
google — android_11_devices
In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150303018
2020-09-17
not yet calculated
CVE-2020-0359
MISC
google — android_11_devices
In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137346580
2020-09-18
not yet calculated
CVE-2020-0365
MISC
google — android_11_devices
In libcodec2_soft_mp3dec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144901522
2020-09-17
not yet calculated
CVE-2020-0340
MISC
google — android_11_devices
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123700107
2020-09-17
not yet calculated
CVE-2020-0338
MISC
google — android_11_devices
In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444
2020-09-17
not yet calculated
CVE-2020-0336
MISC
google — android_11_devices
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887
2020-09-17
not yet calculated
CVE-2020-0344
MISC
google — android_11_devices
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-122361504
2020-09-18
not yet calculated
CVE-2020-0335
MISC
google — android_11_devices
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147995915
2020-09-18
not yet calculated
CVE-2020-0334
MISC
google — android_11_devices
In NetworkStatsService, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119672472
2020-09-17
not yet calculated
CVE-2020-0343
MISC
google — android_11_devices
In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124783982
2020-09-17
not yet calculated
CVE-2020-0332
MISC
google — android_11_devices
In the camera, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150156131
2020-09-17
not yet calculated
CVE-2020-0328
MISC
google — android_11_devices
In libsonivox, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136660304
2020-09-17
not yet calculated
CVE-2020-0324
MISC
google — android_11_devices
In libavb, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146516087
2020-09-17
not yet calculated
CVE-2020-0323
MISC
google — android_11_devices
In apexd, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147002540
2020-09-17
not yet calculated
CVE-2020-0322
MISC
google — android_11_devices
In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155171907
2020-09-17
not yet calculated
CVE-2020-0321
MISC
google — android_11_devices
In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129282427
2020-09-17
not yet calculated
CVE-2020-0320
MISC
google — android_11_devices
In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-63522940
2020-09-17
not yet calculated
CVE-2020-0329
MISC
google — android_11_devices
In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-138443815
2020-09-17
not yet calculated
CVE-2020-0366
MISC
google — android_11_devices
In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155183624
2020-09-17
not yet calculated
CVE-2020-0297
MISC
google — android_11_devices
In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153879099
2020-09-17
not yet calculated
CVE-2020-0312
MISC
google — android_11_devices
In ADB server and USB server, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356209
2020-09-17
not yet calculated
CVE-2020-0296
MISC
google — android_11_devices
In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141860394
2020-09-17
not yet calculated
CVE-2020-0287
MISC
google — android_11_devices
In screencap, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege in a system process with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123230379
2020-09-17
not yet calculated
CVE-2020-0130
MISC
google — android_11_devices
In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147227320
2020-09-18
not yet calculated
CVE-2020-0309
MISC
google — android_11_devices
In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137015603
2020-09-18
not yet calculated
CVE-2020-0089
MISC
google — android_11_devices
In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148223229
2020-09-17
not yet calculated
CVE-2020-0303
MISC
google — android_11_devices
In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119671929
2020-09-17
not yet calculated
CVE-2020-0317
MISC
google — android_11_devices
In mediadrm, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282168
2020-09-17
not yet calculated
CVE-2020-0125
MISC
google — android_11_devices
In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144507081
2020-09-18
not yet calculated
CVE-2020-0271
MISC
google — android_11_devices
In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156353008
2020-09-18
not yet calculated
CVE-2020-0262
MISC
google — android_11_devices
In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141455849
2020-09-17
not yet calculated
CVE-2020-0293
MISC
google — android_11_devices
In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn’t have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150507736
2020-09-17
not yet calculated
CVE-2020-0275
MISC
google — android_11_devices
In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device’s data plan with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148627993
2020-09-17
not yet calculated
CVE-2020-0277
MISC
google — android_11_devices
In tremolo, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145790628
2020-09-17
not yet calculated
CVE-2020-0270
MISC
google — android_11_devices
In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-131430997
2020-09-17
not yet calculated
CVE-2020-0279
MISC
google — android_11_devices
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137857778
2020-09-18
not yet calculated
CVE-2020-0281
MISC
google — android_11_devices
In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643
2020-09-18
not yet calculated
CVE-2020-0268
MISC
google — android_11_devices
In PackageManager, there is a missing permission check. This could lead to local information disclosure across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153995991
2020-09-17
not yet calculated
CVE-2020-0288
MISC
google — android_11_devices
In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124940460
2020-09-17
not yet calculated
CVE-2020-0301
MISC
google — android_11_devices
In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996872
2020-09-17
not yet calculated
CVE-2020-0289
MISC
google — android_11_devices
In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996866
2020-09-17
not yet calculated
CVE-2020-0290
MISC
google — android_devices
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812576
2020-09-17
not yet calculated
CVE-2020-0342
MISC
google — android_devices
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
2020-09-18
not yet calculated
CVE-2020-5629
MISC
google — android_devices
In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-156046804
2020-09-17
not yet calculated
CVE-2020-0387
MISC
google — android_devices
In Pixel’s use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150730508
2020-09-17
not yet calculated
CVE-2020-0434
MISC
google — android_devices
In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153450752References: N/A
2020-09-17
not yet calculated
CVE-2020-0407
MISC
google — android_devices
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171
2020-09-17
not yet calculated
CVE-2020-0427
MISC
google — android_devices
In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150159669
2020-09-17
not yet calculated
CVE-2020-0381
MISC
google — android_devices
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459
2020-09-17
not yet calculated
CVE-2020-0431
MISC
google — android_devices
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel
2020-09-17
not yet calculated
CVE-2020-0404
MISC
google — android_devices
In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-131252923
2020-09-17
not yet calculated
CVE-2020-0403
MISC
google — android_devices
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807
2020-09-17
not yet calculated
CVE-2020-0432
MISC
google — android_devices
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812574
2020-09-17
not yet calculated
CVE-2020-0278
MISC
google — android_devices
In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151939299
2020-09-17
not yet calculated
CVE-2020-0433
MISC
google — android_devices
In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-123999783
2020-09-17
not yet calculated
CVE-2020-0428
MISC
google — android_devices
In inline_data_addr of f2fs.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-133762747
2020-09-17
not yet calculated
CVE-2020-0435
MISC
google — android_devices
In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153881554
2020-09-17
not yet calculated
CVE-2020-0430
MISC
google — android_devices
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-149871374
2020-09-17
not yet calculated
CVE-2020-0123
MISC
google — android_devices
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
2020-09-18
not yet calculated
CVE-2020-5628
MISC
google — android_devices
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-156333725
2020-09-17
not yet calculated
CVE-2020-0229
MISC
google — android_devices
In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152735806
2020-09-17
not yet calculated
CVE-2020-0429
MISC
google — brotli
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a “one-shot” decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the “streaming” API as opposed to the “one-shot” API, and impose chunk size limits.
2020-09-15
not yet calculated
CVE-2020-8927
CONFIRM
google — multiple_android_devices
In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-154124307
2020-09-17
not yet calculated
CVE-2020-0395
MISC
google — multiple_android_devices
In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149
2020-09-17
not yet calculated
CVE-2020-0245
MISC
google — multiple_android_devices
In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153993591
2020-09-17
not yet calculated
CVE-2020-0399
MISC
google — multiple_android_devices
In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150857253
2020-09-17
not yet calculated
CVE-2020-0401
MISC
google — multiple_android_devices
In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150156492
2020-09-17
not yet calculated
CVE-2020-0379
MISC
google — multiple_android_devices
In Parse_art of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-150159906
2020-09-17
not yet calculated
CVE-2020-0384
MISC
google — multiple_android_devices
In Parse_ins of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-150160279
2020-09-17
not yet calculated
CVE-2020-0383
MISC
google — multiple_android_devices
In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-150160041
2020-09-17
not yet calculated
CVE-2020-0385
MISC
google — multiple_android_devices
In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155650356
2020-09-17
not yet calculated
CVE-2020-0386
MISC
google — multiple_android_devices
In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-158570769
2020-09-17
not yet calculated
CVE-2020-0391
MISC
google — multiple_android_devices
In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-154123412
2020-09-17
not yet calculated
CVE-2020-0393
MISC
google — multiple_android_devices
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146204120
2020-09-17
not yet calculated
CVE-2020-0074
MISC
google — multiple_android_devices
In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146398979
2020-09-17
not yet calculated
CVE-2020-0380
MISC
google — multiple_android_devices
In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155648639
2020-09-17
not yet calculated
CVE-2020-0394
MISC
google — multiple_android_devices
In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-155094269
2020-09-17
not yet calculated
CVE-2020-0396
MISC
google — multiple_android_devices
In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-155092443
2020-09-17
not yet calculated
CVE-2020-0397
MISC
google — multiple_android_devices
In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-150226608
2020-09-17
not yet calculated
CVE-2020-0392
MISC
helm — helm
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.
2020-09-17
not yet calculated
CVE-2020-15185
MISC
CONFIRM
helm — helm
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters.
2020-09-17
not yet calculated
CVE-2020-15184
MISC
CONFIRM
helm — helm
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm –help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range.
2020-09-17
not yet calculated
CVE-2020-15186
MISC
CONFIRM
helm — helm
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin’s install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.
2020-09-17
not yet calculated
CVE-2020-15187
MISC
CONFIRM
hewlett_packard — enterprise_universal_api_framework
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).
2020-09-18
not yet calculated
CVE-2020-24623
MISC
huawei — taurus-anoob_devices
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
2020-09-18
not yet calculated
CVE-2020-9084
MISC
ibm — bladecenter_advanced_management_module
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user’s AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself.
2020-09-15
not yet calculated
CVE-2020-8339
MISC
ibm — maximo_asset_management
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
2020-09-16
not yet calculated
CVE-2020-4409
XF
CONFIRM
ibm — security_trusteer_pinpoint_detect
IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. IBM X-Force ID: 187371.
2020-09-16
not yet calculated
CVE-2020-4708
XF
CONFIRM
installbuilder — installbuilder
InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer.
2020-09-18
not yet calculated
CVE-2020-3979
MISC
intel — multiple_products
Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
2020-09-14
not yet calculated
CVE-2020-24457
MISC
jenkins — jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.
2020-09-16
not yet calculated
CVE-2020-2268
MLIST
CONFIRM
joomla — joomla!
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.
2020-09-18
not yet calculated
CVE-2020-25751
MISC
MISC
json-bigint — json-bigint
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
2020-09-18
not yet calculated
CVE-2020-8237
MISC
lenovo —
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
2020-09-15
not yet calculated
CVE-2020-8342
MISC
lenovo — system_x_imm2
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user’s web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself.
2020-09-15
not yet calculated
CVE-2020-8340
MISC
lenovo — vantage
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.
2020-09-15
not yet calculated
CVE-2020-8346
MISC
lg — multiple_products
A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).
2020-09-14
not yet calculated
CVE-2020-7807
MISC
MISC
libraw — libraw
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution.
2020-09-16
not yet calculated
CVE-2020-24890
MISC
libraw — libraw
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
2020-09-16
not yet calculated
CVE-2020-24889
MISC
linux — linux_kernel
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being ‘force disabled’ when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
2020-09-16
not yet calculated
CVE-2020-10768
CONFIRM
MISC
linux — linux_kernel
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
2020-09-15
not yet calculated
CVE-2020-14331
MISC
MISC
MISC
linux — linux_kernel
A memory disclosure flaw was found in the Linux kernel’s ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
2020-09-15
not yet calculated
CVE-2020-14304
MISC
CONFIRM
linux — linux_kernel
A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. This highest threat from this vulnerability is to system availability.
2020-09-18
not yet calculated
CVE-2020-14390
MISC
MISC
MISC
linux — linux_kernel
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
2020-09-15
not yet calculated
CVE-2020-14314
CONFIRM
MISC
MISC
linux — linux_kernel
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.
2020-09-15
not yet calculated
CVE-2020-10766
CONFIRM
MISC
linux — linux_kernel
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.
2020-09-15
not yet calculated
CVE-2020-10767
CONFIRM
MISC
linux — linux_kernel
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.
2020-09-16
not yet calculated
CVE-2020-10781
CONFIRM
MISC
MISC
linux — linux_kernel
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
2020-09-16
not yet calculated
CVE-2020-14386
CONFIRM
MISC
MISC
linux — linux_kernel
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.
2020-09-15
not yet calculated
CVE-2020-14385
CONFIRM
MISC
london_trust_media — private_internet_access_vpn_client_for_linux
A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically.
2020-09-14
not yet calculated
CVE-2020-15590
MISC
MISC
MISC
mediawiki — mediawiki
The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script> tag inside <scratchsig> tag, attackers with edit permission can execute scripts on visitors’ browser. With MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover. This has been patched in release 1.0.1. This has already been deployed to all Scratch Wikis. No workarounds exist other than disabling the extension completely.
2020-09-15
not yet calculated
CVE-2020-15179
MISC
CONFIRM
micro_focus — operation_agent
Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system.
2020-09-18
not yet calculated
CVE-2020-11861
MISC
misp — misp
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
2020-09-18
not yet calculated
CVE-2020-25766
MISC
MISC
nextcloud — desktop_client
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
2020-09-18
not yet calculated
CVE-2020-8225
MISC
MISC
nifty — project_management_web_application
Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit.
2020-09-15
not yet calculated
CVE-2020-25071
MISC
MISC
nitro_software — nitro_pro
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which allow for the decoder to write out of-bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability.
2020-09-17
not yet calculated
CVE-2020-6112
MISC
nitro_software — nitro_pro
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability.
2020-09-17
not yet calculated
CVE-2020-6113
MISC
nitro_software — nitro_pro
An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object’s cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry. Later when the application tries to reference cross-reference entry via the stack variable, the application will access memory belonging to the recently freed table causing a use-after-free condition. A specially crafted document can be delivered by an attacker and loaded by a victim in order to trigger this vulnerability.
2020-09-17
not yet calculated
CVE-2020-6115
MISC
nitro_software — nitro_pro
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.
2020-09-17
not yet calculated
CVE-2020-6116
MISC
node.js — node.js
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
2020-09-18
not yet calculated
CVE-2020-8251
MISC
MISC
node.js — node.js
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
2020-09-18
not yet calculated
CVE-2020-8252
MISC
MISC
node.js — node.js
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
2020-09-18
not yet calculated
CVE-2020-8201
MISC
MISC
nvidia — geforce_now
NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure.
2020-09-18
not yet calculated
CVE-2020-5975
CONFIRM
nvidia — geforce_now
NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure.
2020-09-18
not yet calculated
CVE-2020-5976
CONFIRM
objective_systems — objective_open_cbor
A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption.
2020-09-17
not yet calculated
CVE-2020-24753
MISC
MISC
ozeki — ng_sms_gateway
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.
2020-09-18
not yet calculated
CVE-2020-14029
MISC
MISC
ozeki — ng_sms_gateway
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITYSYSTEM privileges.
2020-09-18
not yet calculated
CVE-2020-14021
MISC
MISC
MISC
perl — perl
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
2020-09-16
not yet calculated
CVE-2014-10402
MISC
perl — perl
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service’s availability.
2020-09-16
not yet calculated
CVE-2020-14392
SUSE
MISC
MISC
UBUNTU
perl — perl
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
2020-09-16
not yet calculated
CVE-2020-14393
SUSE
MISC
MISC
philips — clinical_collaboration_platform
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.
2020-09-18
not yet calculated
CVE-2020-14525
MISC
philips — clinical_collaboration_platform
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
2020-09-18
not yet calculated
CVE-2020-16200
MISC
philips — clinical_collaboration_platform
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
2020-09-18
not yet calculated
CVE-2020-16247
MISC
philips — clinical_collaboration_platform
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.
2020-09-18
not yet calculated
CVE-2020-16198
MISC
philips — clinical_collaboration_platfotm
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
2020-09-18
not yet calculated
CVE-2020-14506
MISC
postgresql — postgreql
The Windows installer for PostgreSQL 9.5 – 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer’s administrative rights.
2020-09-16
not yet calculated
CVE-2020-10733
MISC
MISC
prestashop — prestashop
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim’s browser.
2020-09-15
not yet calculated
CVE-2020-15178
MISC
CONFIRM
MISC
puppet — puppet_enterprise
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
2020-09-18
not yet calculated
CVE-2020-7945
MISC
rad — secflow-1v
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259.
2020-09-17
not yet calculated
CVE-2020-13260
MISC
MISC
MISC
rad — secflow-1v
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260.
2020-09-16
not yet calculated
CVE-2020-13259
MISC
EXPLOIT-DB
rapid7 — appspider
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name.
2020-09-18
not yet calculated
CVE-2020-7358
MISC
red_discord_bot — act_module
The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible.
2020-09-15
not yet calculated
CVE-2020-15172
MISC
CONFIRM
red_hat — jboss_eap
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
2020-09-16
not yet calculated
CVE-2020-1710
MISC
red_hat — jboss_keycloak
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
2020-09-16
not yet calculated
CVE-2020-1694
MISC
red_hat — jboss_keycloak
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
2020-09-16
not yet calculated
CVE-2020-10758
MISC
red_hat — jboss_keycloak
A flaw was found in Keycloak’s data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
2020-09-16
not yet calculated
CVE-2020-10748
MISC
red_hat — openshift_console
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.
2020-09-16
not yet calculated
CVE-2020-10715
MISC
MISC
red_hat — qt_library
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
2020-09-14
not yet calculated
CVE-2020-0570
MISC
resteasy — resteasy
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server’s potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
2020-09-18
not yet calculated
CVE-2020-25633
CONFIRM
rust — rust
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.
2020-09-19
not yet calculated
CVE-2020-25794
MISC
MISC
rust — rust
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement.
2020-09-19
not yet calculated
CVE-2020-25796
MISC
MISC
rust — rust
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic.
2020-09-19
not yet calculated
CVE-2020-25795
MISC
MISC
rust — rust
An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint.
2020-09-14
not yet calculated
CVE-2020-25573
MISC
MISC
rust — rust
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
2020-09-14
not yet calculated
CVE-2020-25576
MISC
rust — rust
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
2020-09-19
not yet calculated
CVE-2020-25791
MISC
MISC
rust — rust
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
2020-09-19
not yet calculated
CVE-2020-25792
MISC
MISC
rust — rust
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.
2020-09-19
not yet calculated
CVE-2020-25793
MISC
MISC
rust — rust
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2020-09-14
not yet calculated
CVE-2020-25575
MISC
MISC
rust — rust
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).
2020-09-14
not yet calculated
CVE-2020-25574
MISC
MISC
safervpn_for_windows — safervpn_for_windows
SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%SaferVPNLog is followed.
2020-09-18
not yet calculated
CVE-2020-25744
MISC
MISC
schneider_electric — scadapack_7x_remote_connect
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer.
2020-09-16
not yet calculated
CVE-2020-7528
MISC
schneider_electric — scadapack_7x_remote_connect
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Transversal’) vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file.
2020-09-16
not yet calculated
CVE-2020-7529
MISC
schneider_electric — scadapack_7x_remote_connect
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders.
2020-09-16
not yet calculated
CVE-2020-7530
MISC
schneider_electric — scadapack_7x_remote_connect
A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user.
2020-09-16
not yet calculated
CVE-2020-7531
MISC
schnieder_electric — scadapack_7x_security_administrator
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer.
2020-09-16
not yet calculated
CVE-2020-7532
MISC
solarwinds — orion_platform
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).
2020-09-17
not yet calculated
CVE-2020-13169
CONFIRM
MISC
sourcecodester — online_course_registartion
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.
2020-09-15
not yet calculated
CVE-2020-23828
MISC
MISC
soycms — soycms
SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administrator to edit files once the adminsitrator loads a specially crafted webpage.
2020-09-17
not yet calculated
CVE-2020-15183
MISC
CONFIRM
MISC
soycms — soycms
SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This vulnerability is caused by insecure configuration in elFinder. This is fixed in version 3.0.2.328.
2020-09-18
not yet calculated
CVE-2020-15189
MISC
MISC
MISC
CONFIRM
MISC
soycms — soycms
SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.
2020-09-18
not yet calculated
CVE-2020-15188
MISC
MISC
CONFIRM
MISC
soycms — soycms
The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328.
2020-09-17
not yet calculated
CVE-2020-15182
MISC
CONFIRM
MISC
spring — spring_framework
In Spring Framework versions 5.2.0 – 5.2.8, 5.1.0 – 5.1.17, 5.0.0 – 5.0.18, 4.3.0 – 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
2020-09-19
not yet calculated
CVE-2020-5421
CONFIRM
sqreen — php_agent_daemon
Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.
2020-09-17
not yet calculated
CVE-2020-25490
CONFIRM
sqreen — pyminiracer
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.
2020-09-17
not yet calculated
CVE-2020-25489
CONFIRM
MISC
suse — multiple_products
A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.
2020-09-17
not yet calculated
CVE-2020-8028
CONFIRM
sylabs — singularity
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
2020-09-16
not yet calculated
CVE-2020-25040
MISC
MISC
sylabs — singularity
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
2020-09-16
not yet calculated
CVE-2020-25039
MISC
MISC
tibco_software — multiple_products
The Spotfire client component of TIBCO Software Inc.’s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1.
2020-09-15
not yet calculated
CVE-2020-9416
CONFIRM
CONFIRM
tiny — tiny_rss
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST[“url”] in an error message.
2020-09-19
not yet calculated
CVE-2020-25788
MISC
MISC
tiny — tiny_rss
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
2020-09-19
not yet calculated
CVE-2020-25787
MISC
MISC
tiny — tiny_rss
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
2020-09-19
not yet calculated
CVE-2020-25789
MISC
MISC
titanhq — spamtitan
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page.
2020-09-17
not yet calculated
CVE-2020-11803
MISC
MISC
MISC
MISC
MISC
titanhq — spamtitan
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.
2020-09-17
not yet calculated
CVE-2020-11804
MISC
MISC
MISC
MISC
MISC
titanhq — spamtitan
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.
2020-09-17
not yet calculated
CVE-2020-11699
MISC
MISC
MISC
MISC
MISC
titanhq — spamtitan
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page.
2020-09-17
not yet calculated
CVE-2020-11700
MISC
MISC
MISC
MISC
MISC
titanhq — spamtitan
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.
2020-09-17
not yet calculated
CVE-2020-11698
MISC
MISC
MISC
MISC
titanhq — spantitan_gateway
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login.
2020-09-17
not yet calculated
CVE-2020-24046
MISC
MISC
MISC
MISC
titanhq — spantitan_gateway
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar.
2020-09-17
not yet calculated
CVE-2020-24045
MISC
MISC
MISC
MISC
trend_micro — serverprotect
A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability.
2020-09-15
not yet calculated
CVE-2020-24561
N/A
typeorm — typeorm
Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.
2020-09-18
not yet calculated
CVE-2020-8158
MISC
ua-parser-js — ua-parser-js
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
2020-09-16
not yet calculated
CVE-2020-7733
CONFIRM
CONFIRM
CONFIRM
CONFIRM
vmware — fusion
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.
2020-09-16
not yet calculated
CVE-2020-3980
MISC
vmware — workstation
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
2020-09-16
not yet calculated
CVE-2020-3986
MISC
vmware — workstation_and_horizon_client
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
2020-09-16
not yet calculated
CVE-2020-3989
MISC
vmware — workstation_and_horizon_client
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
2020-09-16
not yet calculated
CVE-2020-3987
MISC
vmware — workstation_and_horizon_client
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
2020-09-16
not yet calculated
CVE-2020-3990
MISC
vmware — workstation_and_horizon_client
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
2020-09-16
not yet calculated
CVE-2020-3988
MISC
vr_cam — p1_camera
VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication.
2020-09-15
not yet calculated
CVE-2020-23512
MISC
webtareas — webtareas
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.
2020-09-18
not yet calculated
CVE-2020-25733
MISC
MISC
MISC
webtareas — webtareas
webTareas through 2.1 allows files/Default/ Directory Listing.
2020-09-18
not yet calculated
CVE-2020-25734
MISC
MISC
MISC
webtareas — webtareas
webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.
2020-09-18
not yet calculated
CVE-2020-25735
MISC
MISC
MISC
wibu-systems — codemeter
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
2020-09-16
not yet calculated
CVE-2020-14517
MISC
wibu-systems — codemeter
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.
2020-09-16
not yet calculated
CVE-2020-14519
MISC
wibu-systems — codemeter
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
2020-09-16
not yet calculated
CVE-2020-14513
MISC
wibu-systems — codemeter
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
2020-09-16
not yet calculated
CVE-2020-14509
MISC
wibu-systems — codemeter
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.
2020-09-16
not yet calculated
CVE-2020-14515
MISC
wildfly — wildfly
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
2020-09-16
not yet calculated
CVE-2020-1748
MISC
wildfly– wildfly
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.
2020-09-16
not yet calculated
CVE-2020-10718
MISC
wildfly– wildfly
A flaw was found in Wildfly’s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the “use-grammar-pool-only” feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. All xerces jboss versions before 2.12.0.SP3.
2020-09-17
not yet calculated
CVE-2020-14338
MISC
x.org — x.org
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
2020-09-15
not yet calculated
CVE-2020-14345
MISC
MISC
UBUNTU
UBUNTU
xmlquery — xmlquery
xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.
2020-09-16
not yet calculated
CVE-2020-25614
MISC
MISC
yii — yii_2
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
2020-09-15
not yet calculated
CVE-2020-15148
MISC
CONFIRM
yworks — yed_desktop
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet.
2020-09-17
not yet calculated
CVE-2020-25216
MISC
yworks — yed_desktop
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document.
2020-09-17
not yet calculated
CVE-2020-25215
MISC
zoneminder — zoneminder
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.
2020-09-17
not yet calculated
CVE-2020-25729
MISC
MISC
MISC
Back to top
This product is provided subject to this Notification and this Privacy & Use policy.Original release date: September 21, 2020
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — struts | Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | 2020-09-14 | 7.5 | CVE-2019-0230 MISC |
dlink — covr-2600r_firmware | D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. | 2020-09-14 | 10 | CVE-2018-20432 MISC MISC |
google — android | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020). | 2020-09-11 | 7.5 | CVE-2020-25283 MISC |
google — android | An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020). | 2020-09-11 | 7.5 | CVE-2020-25282 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization. | 2020-09-11 | 7.5 | CVE-2020-25260 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses XML deserialization libraries in an unsafe manner. | 2020-09-11 | 7.5 | CVE-2020-25259 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages. | 2020-09-11 | 7.5 | CVE-2020-25258 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer. | 2020-09-11 | 7.5 | CVE-2020-25254 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter. | 2020-09-11 | 7.5 | CVE-2020-25253 MISC |
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396. | 2020-09-15 | 9 | CVE-2020-4521 XF CONFIRM |
jenkins — selection_tasks | Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as. | 2020-09-16 | 9 | CVE-2020-2276 MLIST CONFIRM |
lemonldap-ng — lemonldap | An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the “Lemonldap::NG handler for Node.js” package. | 2020-09-14 | 7.5 | CVE-2020-24660 CONFIRM CONFIRM MISC DEBIAN |
mcafee — web_gateway | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system’s root password via improper access controls in the user interface. | 2020-09-15 | 7.7 | CVE-2020-7293 MISC |
mi — r3600_firmware | In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability. | 2020-09-11 | 10 | CVE-2020-14100 MISC |
mi — xiaomi_ai_speaker_firmware | Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process. | 2020-09-11 | 7.5 | CVE-2020-14096 MISC |
microsoft — chakracore | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1057, CVE-2020-1172. | 2020-09-11 | 7.6 | CVE-2020-1180 N/A |
microsoft — chakracore | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1057, CVE-2020-1180. | 2020-09-11 | 7.6 | CVE-2020-1172 N/A |
microsoft — edge | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1172, CVE-2020-1180. | 2020-09-11 | 9.3 | CVE-2020-1057 N/A |
microsoft — exchange_server | A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka ‘Microsoft Exchange Server Remote Code Execution Vulnerability’. | 2020-09-11 | 9 | CVE-2020-16875 MISC N/A |
microsoft — visual_studio | A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka ‘Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16856. | 2020-09-11 | 9.3 | CVE-2020-16874 N/A |
microsoft — visual_studio | A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka ‘Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16874. | 2020-09-11 | 9.3 | CVE-2020-16856 N/A |
microsoft — visual_studio_code | A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious ‘package.json’ file, aka ‘Visual Studio JSON Remote Code Execution Vulnerability’. | 2020-09-11 | 9.3 | CVE-2020-16881 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory, aka ‘Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0782 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka ‘Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-1590 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory, aka ‘Windows Text Service Module Remote Code Execution Vulnerability’. | 2020-09-11 | 7.6 | CVE-2020-0908 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka ‘Windows Media Audio Decoder Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1593. | 2020-09-11 | 9.3 | CVE-2020-1508 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1129. | 2020-09-11 | 9.3 | CVE-2020-1319 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. | 2020-09-11 | 9.3 | CVE-2020-1285 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1039. | 2020-09-11 | 9.3 | CVE-2020-1074 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1074. | 2020-09-11 | 9.3 | CVE-2020-1039 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’. | 2020-09-11 | 9.3 | CVE-2020-0997 N/A MISC |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka ‘Microsoft COM for Windows Remote Code Execution Vulnerability’. | 2020-09-11 | 9.3 | CVE-2020-0922 N/A |
microsoft — windows_10 | A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka ‘Windows Defender Application Control Security Feature Bypass Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0951 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates, aka ‘Group Policy Elevation of Privilege Vulnerability’. | 2020-09-11 | 9.3 | CVE-2020-1013 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka ‘Shell infrastructure component Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0870 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1053. | 2020-09-11 | 7.2 | CVE-2020-1308 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-1245 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when NTFS improperly checks access, aka ‘NTFS Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0838 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka ‘Windows Print Spooler Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-1030 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0998 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-1034 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka ‘Windows Modules Installer Elevation of Privilege Vulnerability’. | 2020-09-11 | 7.2 | CVE-2020-0911 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1559. | 2020-09-11 | 7.2 | CVE-2020-0886 N/A |
projectworlds — house_rental | Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. | 2020-09-15 | 7.5 | CVE-2020-23833 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accesspressthemes — wp_floating_menu | WordPress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. | 2020-09-14 | 4.3 | CVE-2020-25378 MISC |
apache — cocoon | When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. | 2020-09-11 | 5 | CVE-2020-11991 MISC |
apache — struts | An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. | 2020-09-14 | 5 | CVE-2019-0233 MISC |
argosoft — mail_server | ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. | 2020-09-11 | 6.8 | CVE-2020-23824 MISC |
atlassian — jira | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. | 2020-09-17 | 5 | CVE-2020-14181 MISC |
blackcat-cms — blackcat_cms | An issue was discovered in BlackCat CMS v.1.3.6. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. | 2020-09-15 | 6.8 | CVE-2020-25453 MISC |
bluetooth — bluetooth_core_specification | Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less. | 2020-09-11 | 4.3 | CVE-2020-15802 MISC MISC |
codoforum — codoforum | Codoforum 4.8.3 allows HTML Injection in the ‘admin dashboard Manage users Section.’ | 2020-09-14 | 4.3 | CVE-2020-21845 MISC MISC |
cryptsetup_project — cryptsetup | A vulnerability was found in upstream release cryptsetup-2.2.0 where, there’s a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file ‘lib/luks2/luks2_json_metadata.c’ in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement “intervals = malloc(first_backup * sizeof(*intervals));”). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory. | 2020-09-16 | 6.8 | CVE-2020-14382 MISC FEDORA UBUNTU |
ctolog — thinkadmin | ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter. | 2020-09-14 | 5 | CVE-2020-25540 MISC MISC MISC |
dataiku — data_science_studio | Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the “Created by” metadata. | 2020-09-14 | 5.5 | CVE-2020-8817 MISC CONFIRM |
ericsson — rx8200_firmware | Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the “path” or “Services+ID” parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the “name” parameter with the malicious code. | 2020-09-14 | 4.3 | CVE-2020-22158 MISC |
gazie_project — gazie | Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code. | 2020-09-14 | 4.3 | CVE-2020-21731 MISC MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password. | 2020-09-14 | 6.5 | CVE-2020-13302 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line. | 2020-09-14 | 4 | CVE-2020-13316 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues | 2020-09-14 | 4 | CVE-2020-13287 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance. | 2020-09-15 | 4 | CVE-2020-13308 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. | 2020-09-14 | 4 | CVE-2020-13313 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project. | 2020-09-15 | 4 | CVE-2020-13303 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface. | 2020-09-14 | 4 | CVE-2020-13311 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service. | 2020-09-14 | 4 | CVE-2020-13310 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository. | 2020-09-14 | 4 | CVE-2020-13317 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project. | 2020-09-14 | 4 | CVE-2020-13305 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token | 2020-09-14 | 5.5 | CVE-2020-13284 CONFIRM MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack. | 2020-09-14 | 4.9 | CVE-2020-13318 CONFIRM MISC |
gitlab — gitlab | GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | 2020-09-14 | 6.4 | CVE-2020-13300 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. | 2020-09-14 | 5.5 | CVE-2020-13289 CONFIRM MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. | 2020-09-14 | 5 | CVE-2020-13312 CONFIRM MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access. | 2020-09-15 | 6 | CVE-2020-13307 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages. | 2020-09-14 | 5 | CVE-2020-13314 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. | 2020-09-14 | 5.5 | CVE-2020-13299 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint. | 2020-09-14 | 4.9 | CVE-2020-13297 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation. | 2020-09-14 | 5 | CVE-2020-13306 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure. | 2020-09-14 | 5 | CVE-2020-13298 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions. | 2020-09-14 | 6.5 | CVE-2020-13304 CONFIRM MISC MISC |
gonitro — nitro_pro | An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an ‘ICCBased’ colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | 2020-09-16 | 6.8 | CVE-2020-6146 MISC |
google — android | In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155646800 | 2020-09-18 | 4.6 | CVE-2020-0273 MISC |
google — android | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020). | 2020-09-11 | 5 | CVE-2020-25281 MISC |
google — android | In NFC, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146453119 | 2020-09-18 | 4.6 | CVE-2020-0326 MISC |
google — android | In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479 | 2020-09-18 | 5 | CVE-2020-0286 MISC |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2017.3 – 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 – 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path. | 2020-09-18 | 5 | CVE-2020-15768 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive failed login attempts. This allows a remote attacker to conduct brute-force guessing of a local user’s password. | 2020-09-18 | 5 | CVE-2020-15770 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the anti-CSRF cookie allows an attacker (with the ability to read HTTP traffic) to obtain a user’s anti-CSRF token if the user initiates a cleartext HTTP request. | 2020-09-18 | 4.3 | CVE-2020-15767 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.2 – 2020.2.4. CSRF mitigation can be bypassed because the anti-CSRF token is in a cleartext cookie. | 2020-09-18 | 6.8 | CVE-2020-15776 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2020.2 – 2020.2.4. An XSS issue exists via the request URL. | 2020-09-18 | 4.3 | CVE-2020-15769 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. CSRF mitigation can be bypassed because cross-site transmission of a cookie (containing a CSRF token) can occur. | 2020-09-18 | 5 | CVE-2020-15771 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. Because of implicitly remembered user-login information, physically proximate attackers can use a user session after browser closure. | 2020-09-18 | 4.6 | CVE-2020-15774 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2017.1 – 2020.2.4. Unrestricted access to a high-level system-usage summary allows an attacker to obtain project names and usage metrics. | 2020-09-18 | 5 | CVE-2020-15775 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API. | 2020-09-18 | 4 | CVE-2020-15773 MISC CONFIRM |
gradle — enterprise | An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. There is XXE with resultant SSRF via an uploaded SAML IDP configuration. | 2020-09-18 | 4 | CVE-2020-15772 MISC CONFIRM |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. PKI certificates have a private key that is the same across different customers’ installations. | 2020-09-11 | 6.4 | CVE-2020-25256 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information. | 2020-09-11 | 6.4 | CVE-2020-25251 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations. | 2020-09-11 | 5 | CVE-2020-25249 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry. | 2020-09-11 | 5 | CVE-2020-25255 MISC |
hyland — onbase | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account). | 2020-09-11 | 6.8 | CVE-2020-25252 MISC |
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. | 2020-09-15 | 6.5 | CVE-2019-4671 XF CONFIRM |
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436. | 2020-09-15 | 4.3 | CVE-2020-4526 XF CONFIRM |
ibm — spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. | 2020-09-15 | 6 | CVE-2020-4703 XF CONFIRM |
ibm — spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. | 2020-09-15 | 4 | CVE-2020-4711 XF CONFIRM |
inspircd — inspircd | An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server. | 2020-09-11 | 6.8 | CVE-2019-20918 MISC MISC MISC |
inspircd — inspircd | An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | 2020-09-11 | 6.8 | CVE-2019-20917 MISC MISC MISC MLIST DEBIAN |
inspircd — inspircd | An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | 2020-09-11 | 6.8 | CVE-2020-25269 MISC MISC MISC MLIST DEBIAN |
istio-operator_project — istio-operator | An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-16 | 6.5 | CVE-2020-14306 MISC MISC |
jenkins — blue_ocean | A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 2020-09-16 | 4 | CVE-2020-2255 MLIST CONFIRM |
jenkins — copy_data_to_workspace | Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. | 2020-09-16 | 4 | CVE-2020-2275 MLIST CONFIRM |
jenkins — elastest | A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 2020-09-16 | 4.3 | CVE-2020-2273 MLIST CONFIRM |
jenkins — elastest | A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 2020-09-16 | 4 | CVE-2020-2272 MLIST CONFIRM |
jenkins — email_extension | Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. | 2020-09-16 | 5.8 | CVE-2020-2253 MLIST CONFIRM |
jenkins — health_advisor_by_cloudbees | Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. | 2020-09-16 | 4 | CVE-2020-2258 MLIST CONFIRM |
jenkins — mailer | Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. | 2020-09-16 | 5.8 | CVE-2020-2252 MLIST CONFIRM |
jenkins — mongodb | A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. | 2020-09-16 | 4 | CVE-2020-2267 MLIST CONFIRM |
jenkins — perfecto | A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | 2020-09-16 | 4 | CVE-2020-2260 MLIST CONFIRM |
jenkins — perfecto | Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller | 2020-09-16 | 6.5 | CVE-2020-2261 MLIST CONFIRM |
jenkins — storable_configs | Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | 2020-09-16 | 4 | CVE-2020-2277 MLIST CONFIRM |
jenkins — storable_configs | Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other ‘.xml’ file on the Jenkins controller with a job config.xml file’s content. | 2020-09-16 | 4 | CVE-2020-2278 MLIST CONFIRM |
kaiostech — kaios | An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application’s UI as soon as the email is opened. At a bare minimum, this allows an attacker to take control over the Email application’s UI (e.g., display a malicious prompt to the user asking them to re-enter their email credentials) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 4.3 | CVE-2019-14756 MISC |
kaiostech — kaios | An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application (assuming the victim chooses to import the file). At a bare minimum, this allows an attacker to take control over the Contacts application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 4.3 | CVE-2019-14757 MISC MISC |
kaiostech — kaios | An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application (assuming the victim chooses to download the email attachment). At a bare minimum, this allows an attacker to take control over the File Manager application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 4.3 | CVE-2019-14758 MISC MISC |
kingsoft — wps_office | GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x. | 2020-09-13 | 6.8 | CVE-2020-25291 MISC |
linux — linux_kernel | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | 2020-09-13 | 4.4 | CVE-2020-25285 MISC MISC MISC |
linux4sam — at91bootstrap | AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader). | 2020-09-14 | 6.4 | CVE-2020-11684 MISC MISC |
linux4sam — at91bootstrap | A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system. | 2020-09-14 | 4.6 | CVE-2020-11683 MISC MISC |
mcafee — email_gateway | Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. | 2020-09-16 | 4 | CVE-2020-7268 MISC |
mcafee — web_gateway | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface. | 2020-09-15 | 4.1 | CVE-2020-7295 CONFIRM |
mcafee — web_gateway | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface. | 2020-09-15 | 4.1 | CVE-2020-7294 CONFIRM |
microchip — atsama5d21c-cu_firmware | CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. | 2020-09-14 | 5 | CVE-2020-12788 MISC |
microchip — atsama5d21c-cu_firmware | The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. | 2020-09-14 | 4.3 | CVE-2020-12789 MISC |
microchip — atsama5d21c-cu_firmware | Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | 2020-09-14 | 4.3 | CVE-2020-12787 MISC |
microsoft — 365_apps | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka ‘Microsoft Excel Information Disclosure Vulnerability’. | 2020-09-11 | 4.3 | CVE-2020-1224 N/A |
microsoft — 365_apps | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1338. | 2020-09-11 | 6.8 | CVE-2020-1218 N/A |
microsoft — 365_apps | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1218. | 2020-09-11 | 6.8 | CVE-2020-1338 N/A |
microsoft — asp.net_core | A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka ‘Microsoft ASP.NET Core Security Feature Bypass Vulnerability’. | 2020-09-11 | 5 | CVE-2020-1045 FEDORA N/A |
microsoft — dynamics_365 | A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16860. | 2020-09-11 | 6.5 | CVE-2020-16862 N/A |
microsoft — dynamics_365 | A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16862. | 2020-09-11 | 6.5 | CVE-2020-16860 N/A |
microsoft — dynamics_365_for_finance_and_operations | A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka ‘Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability’. | 2020-09-11 | 6.5 | CVE-2020-16857 N/A |
microsoft — edge | A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka ‘Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-16884 N/A |
microsoft — internet_explorer | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ‘Microsoft Browser Memory Corruption Vulnerability’. | 2020-09-11 | 5.1 | CVE-2020-0878 N/A |
microsoft — internet_explorer | An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka ‘Windows Start-Up Application Elevation of Privilege Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-1506 N/A |
microsoft — internet_explorer | An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka ‘WinINet API Elevation of Privilege Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-1012 N/A |
microsoft — office | An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka ‘Microsoft Office Information Disclosure Vulnerability’. | 2020-09-11 | 4.3 | CVE-2020-16855 N/A |
microsoft — sharepoint_enterprise_server | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. | 2020-09-11 | 4.9 | CVE-2020-1205 N/A |
microsoft — sharepoint_enterprise_server | A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka ‘Microsoft SharePoint Server Remote Code Execution Vulnerability’. | 2020-09-11 | 6.5 | CVE-2020-1460 N/A |
microsoft — sharepoint_enterprise_server | A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka ‘Microsoft SharePoint Server Tampering Vulnerability’. This CVE ID is unique from CVE-2020-1523. | 2020-09-11 | 4 | CVE-2020-1440 N/A |
microsoft — sharepoint_server | A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka ‘Microsoft SharePoint Server Tampering Vulnerability’. This CVE ID is unique from CVE-2020-1440. | 2020-09-11 | 4 | CVE-2020-1523 N/A |
microsoft — sql_server_reporting_services | A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports, aka ‘SQL Server Reporting Services Security Feature Bypass Vulnerability’. | 2020-09-11 | 4 | CVE-2020-1044 N/A |
microsoft — visual_studio | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1133. | 2020-09-11 | 4.6 | CVE-2020-1130 N/A |
microsoft — visual_studio | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1130. | 2020-09-11 | 4.6 | CVE-2020-1133 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-0912 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1052, CVE-2020-1159. | 2020-09-11 | 4.6 | CVE-2020-1376 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1319. | 2020-09-11 | 6.8 | CVE-2020-1129 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Microsoft Store Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0766. | 2020-09-11 | 4.6 | CVE-2020-1146 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1052, CVE-2020-1376. | 2020-09-11 | 4.6 | CVE-2020-1159 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-1252 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka ‘Windows Function Discovery Service Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1491 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows InstallService Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1532 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1303. | 2020-09-11 | 6.8 | CVE-2020-1169 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka ‘Windows Win32k Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1152 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1308. | 2020-09-11 | 4.6 | CVE-2020-1053 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1115 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka ‘Windows Shell Infrastructure Component Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1098 N/A |
microsoft — windows_10 | A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory, aka ‘Windows Routing Utilities Denial of Service’. | 2020-09-11 | 4.9 | CVE-2020-1038 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1159, CVE-2020-1376. | 2020-09-11 | 4.6 | CVE-2020-1052 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects, aka ‘Windows CloudExperienceHost Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1471 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka ‘Windows dnsrslvr.dll Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-0839 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka ‘Microsoft COM for Windows Elevation of Privilege Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-1507 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1091. | 2020-09-11 | 4.3 | CVE-2020-1097 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1097. | 2020-09-11 | 4.3 | CVE-2020-1091 N/A |
microsoft — windows_10 | A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka ‘Windows Media Audio Decoder Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1508. | 2020-09-11 | 6.8 | CVE-2020-1593 N/A |
microsoft — windows_10 | A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-0790 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka ‘Windows UPnP Service Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1598 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. | 2020-09-11 | 4.3 | CVE-2020-1256 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Information Disclosure Vulnerability’. | 2020-09-11 | 4.3 | CVE-2020-0875 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server, aka ‘Windows DHCP Server Information Disclosure Vulnerability’. | 2020-09-11 | 5 | CVE-2020-1031 N/A |
microsoft — windows_10 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0904. | 2020-09-11 | 4.9 | CVE-2020-0890 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0886. | 2020-09-11 | 4.6 | CVE-2020-1559 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1169. | 2020-09-11 | 6.8 | CVE-2020-1303 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka ‘Windows Language Pack Installer Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-1122 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows RSoP Service Application Elevation of Privilege Vulnerability’. | 2020-09-11 | 4.6 | CVE-2020-0648 N/A |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Microsoft Store Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1146. | 2020-09-11 | 4.6 | CVE-2020-0766 N/A |
microsoft — windows_10 | A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka ‘ADFS Spoofing Vulnerability’. | 2020-09-11 | 4 | CVE-2020-0837 N/A |
microsoft — windows_server_2008 | An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0856. | 2020-09-11 | 4 | CVE-2020-0664 N/A |
microsoft — windows_server_2008 | A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka ‘Windows DNS Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0836. | 2020-09-11 | 4 | CVE-2020-1228 N/A |
microsoft — windows_server_2008 | A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0761. | 2020-09-11 | 6.5 | CVE-2020-0718 N/A |
microsoft — windows_server_2008 | A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka ‘Windows DNS Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-1228. | 2020-09-11 | 5 | CVE-2020-0836 N/A |
microsoft — windows_server_2008 | An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0664. | 2020-09-11 | 4 | CVE-2020-0856 N/A |
microsoft — windows_server_2008 | A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka ‘Active Directory Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0718. | 2020-09-11 | 6.5 | CVE-2020-0761 N/A |
microsoft — xamarin.forms | A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106, aka ‘Xamarin.Forms Spoofing Vulnerability’. | 2020-09-11 | 6.8 | CVE-2020-16873 N/A |
mikrotik — routeros | An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. | 2020-09-14 | 5 | CVE-2020-11881 MISC MISC |
perl — dbi | An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. | 2020-09-11 | 5 | CVE-2013-7490 MISC MISC MISC UBUNTU |
perl — dbi | An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. | 2020-09-11 | 5 | CVE-2013-7491 MISC MISC MISC |
perl — dbi | An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. | 2020-09-11 | 5 | CVE-2014-10401 MISC MISC MISC UBUNTU |
perl — dbi | An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. | 2020-09-17 | 5 | CVE-2019-20919 MISC MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. | 2020-09-11 | 4.6 | CVE-2020-16212 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. | 2020-09-11 | 5.2 | CVE-2020-16228 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | 2020-09-11 | 5.8 | CVE-2020-16222 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 2020-09-11 | 5.8 | CVE-2020-16214 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. | 2020-09-11 | 6.1 | CVE-2020-16216 MISC |
pligg_project — pligg | Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. | 2020-09-13 | 6.5 | CVE-2020-25287 MISC |
primekey — ejbca | An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.) | 2020-09-11 | 6.8 | CVE-2020-25276 MISC |
qnap — helpdesk | The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | 2020-09-11 | 4 | CVE-2018-19947 MISC |
qnap — helpdesk | The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | 2020-09-11 | 4.3 | CVE-2018-19948 MISC |
qnap — helpdesk | The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | 2020-09-11 | 4.3 | CVE-2018-19946 MISC |
rails — action_view | In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View’s translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. | 2020-09-11 | 4.3 | CVE-2020-15169 CONFIRM |
recall-products_project — recall-products | WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the ‘Manufacturer[]’ parameter which allows an authenticated attacker to inject a malicious SQL query. | 2020-09-14 | 6.5 | CVE-2020-25379 MISC |
rukovoditel — rukovoditel | Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. | 2020-09-14 | 4.3 | CVE-2020-21732 MISC MISC MISC |
sagemcom — f@st_3686_firmware | Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp. | 2020-09-14 | 4.3 | CVE-2020-21733 MISC MISC MISC MISC |
spiceworks — spiceworks | Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via “/settings/v1/users” function. | 2020-09-15 | 6.8 | CVE-2020-23451 MISC MISC |
taoensso — nippy | A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface. | 2020-09-11 | 6.8 | CVE-2020-24164 MISC |
vtenext — vtenext | A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. | 2020-09-14 | 6.5 | CVE-2020-10228 MISC MISC MISC |
vtenext — vtenext | A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email. | 2020-09-14 | 4.3 | CVE-2020-10227 MISC MISC MISC |
vtenext — vtenext | A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator’s behalf, such as uploading files, adding users, and deleting accounts. | 2020-09-14 | 6.8 | CVE-2020-10229 MISC MISC MISC |
wibu — codemeter | An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. | 2020-09-16 | 5 | CVE-2020-16233 MISC |
wordpress — wordpress | In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | 2020-09-13 | 5 | CVE-2020-25286 MISC MISC |
x.org — libx11 | An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. | 2020-09-11 | 4.6 | CVE-2020-14363 CONFIRM MISC UBUNTU |
x.org — xorg-server | A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-15 | 4.6 | CVE-2020-14346 MISC MISC UBUNTU |
x.org — xorg-server | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-15 | 4.6 | CVE-2020-14362 MISC MISC UBUNTU |
x.org — xorg-server | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-15 | 4.6 | CVE-2020-14361 MISC MISC UBUNTU |
zeromq — libzmq | In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3. | 2020-09-11 | 5 | CVE-2020-15166 MISC MISC CONFIRM GENTOO |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
avast — secureline_vpn | The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions). | 2020-09-13 | 2.1 | CVE-2020-25289 MISC |
canonical — ubuntu-ui-toolkit | On desktop, Ubuntu UI Toolkit’s StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1. | 2020-09-11 | 2.1 | CVE-2014-1420 UBUNTU UBUNTU |
elementor — elementor_page_builder | A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes. | 2020-09-16 | 3.5 | CVE-2020-20406 MISC |
elkarbackup — elkarbackup | A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter | 2020-09-15 | 3.5 | CVE-2020-24924 MISC MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page. | 2020-09-14 | 3.5 | CVE-2020-13301 CONFIRM MISC MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645695 | 2020-09-18 | 2.1 | CVE-2020-0304 MISC |
google — android | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188779 | 2020-09-18 | 2.1 | CVE-2020-0349 MISC |
google — android | In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145079309 | 2020-09-18 | 2.1 | CVE-2020-0325 MISC |
google — android | In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device’s IMEI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147309310 | 2020-09-18 | 2.1 | CVE-2020-0331 MISC |
google — android | In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934919 | 2020-09-18 | 2.1 | CVE-2020-0316 MISC |
google — android | In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913130 | 2020-09-18 | 2.1 | CVE-2020-0263 MISC |
google — android | In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155642026 | 2020-09-18 | 2.1 | CVE-2020-0315 MISC |
google — android | In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154917989 | 2020-09-18 | 2.1 | CVE-2020-0313 MISC |
google — android | In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878642 | 2020-09-18 | 2.1 | CVE-2020-0311 MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356468 | 2020-09-18 | 2.1 | CVE-2020-0310 MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645867 | 2020-09-18 | 2.1 | CVE-2020-0307 MISC |
google — android | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151646375 | 2020-09-18 | 2.1 | CVE-2020-0302 MISC |
google — android | In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130166487 | 2020-09-18 | 2.1 | CVE-2020-0272 MISC |
google — android | In Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155650969 | 2020-09-18 | 2.1 | CVE-2020-0295 MISC |
google — android | In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129151407 | 2020-09-18 | 2.1 | CVE-2020-0327 MISC |
google — android | In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839 | 2020-09-18 | 2.1 | CVE-2020-0265 MISC |
google — android | In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626 | 2020-09-18 | 2.1 | CVE-2020-0269 MISC |
google — android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146032016 | 2020-09-18 | 2.1 | CVE-2020-0291 MISC |
google — android | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253586 | 2020-09-18 | 2.1 | CVE-2020-0276 MISC |
google — android | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253784 | 2020-09-18 | 2.1 | CVE-2020-0284 MISC |
google — android | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253479 | 2020-09-18 | 2.1 | CVE-2020-0285 MISC |
google — android | In the wallpaper manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154915372 | 2020-09-18 | 2.1 | CVE-2020-0294 MISC |
google — android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-110107252 | 2020-09-18 | 2.1 | CVE-2020-0292 MISC |
huawei — bla-a09_firmware | Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab | 2020-09-11 | 2.1 | CVE-2020-9239 MISC |
ibm — business_automation_workflow | IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714. | 2020-09-15 | 3.5 | CVE-2020-4530 XF CONFIRM |
ibm — tivoli_business_service_manager | IBM Tivoli Business Service Manager 6.2.0.0 – 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. | 2020-09-15 | 2.1 | CVE-2020-4344 XF CONFIRM |
jenkins — android_lint | Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin’s post-build step. | 2020-09-16 | 3.5 | CVE-2020-2262 MLIST CONFIRM |
jenkins — blue_ocean | Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | 2020-09-16 | 3.5 | CVE-2020-2254 MLIST CONFIRM |
jenkins — chosen-views-tabbar | Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views. | 2020-09-16 | 3.5 | CVE-2020-2269 MLIST CONFIRM |
jenkins — clearcase_release | Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2270 MLIST CONFIRM |
jenkins — computer_queue | Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2259 MLIST CONFIRM |
jenkins — coverage/complexity_scatter_plot | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin’s post-build step. | 2020-09-16 | 3.5 | CVE-2020-2265 MLIST CONFIRM |
jenkins — custom_job_icon | Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2264 MLIST CONFIRM |
jenkins — description_column | Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2266 MLIST CONFIRM |
jenkins — elastest | Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2020-09-16 | 2.1 | CVE-2020-2274 MLIST CONFIRM |
jenkins — locked_files_report | Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files’ names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2271 MLIST CONFIRM |
jenkins — pipeline_maven_integration | Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2256 MLIST CONFIRM |
jenkins — radiator_view | Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2263 MLIST CONFIRM |
jenkins — validating_string_parameter | Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2020-09-16 | 3.5 | CVE-2020-2257 MLIST CONFIRM |
kaiostech — kaios | An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 1.9 | CVE-2019-14759 MISC |
kaiostech — kaios | An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker to take control over the Recorder application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 1.9 | CVE-2019-14760 MISC MISC |
kaiostech — kaios | An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. At a bare minimum, this allows an attacker to take control over the Note application’s UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | 2020-09-14 | 1.9 | CVE-2019-14761 MISC MISC |
linux — linux_kernel | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | 2020-09-13 | 2.1 | CVE-2020-25284 MISC MISC |
mcafee — web_gateway | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface. | 2020-09-16 | 2.7 | CVE-2020-7297 MISC |
mcafee — web_gateway | Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface. | 2020-09-15 | 2.7 | CVE-2020-7296 CONFIRM |
microsoft — onedrive | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16851, CVE-2020-16853. | 2020-09-11 | 3.6 | CVE-2020-16852 N/A |
microsoft — onedrive | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16851, CVE-2020-16852. | 2020-09-11 | 3.6 | CVE-2020-16853 N/A |
microsoft — onedrive | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka ‘OneDrive for Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16852, CVE-2020-16853. | 2020-09-11 | 3.6 | CVE-2020-16851 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka ‘Windows State Repository Service Information Disclosure Vulnerability’. | 2020-09-11 | 2.1 | CVE-2020-0914 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0941. | 2020-09-11 | 2.1 | CVE-2020-1250 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1250. | 2020-09-11 | 2.1 | CVE-2020-0941 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka ‘Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability’. | 2020-09-11 | 2.1 | CVE-2020-0989 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854. | 2020-09-11 | 2.1 | CVE-2020-1033 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0921. | 2020-09-11 | 2.1 | CVE-2020-1083 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory, aka ‘Windows Information Disclosure Vulnerability’. | 2020-09-11 | 2.1 | CVE-2020-1119 N/A |
microsoft — windows_10 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2020-0890. | 2020-09-11 | 2.1 | CVE-2020-0904 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-16854. | 2020-09-11 | 2.1 | CVE-2020-1592 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1033, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854. | 2020-09-11 | 2.1 | CVE-2020-0928 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-1592. | 2020-09-11 | 2.1 | CVE-2020-16854 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka ‘Projected Filesystem Information Disclosure Vulnerability’. | 2020-09-11 | 2.1 | CVE-2020-16879 N/A |
microsoft — windows_10 | A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka ‘Projected Filesystem Security Feature Bypass Vulnerability’. | 2020-09-11 | 2.1 | CVE-2020-0805 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1592, CVE-2020-16854. | 2020-09-11 | 2.1 | CVE-2020-1589 N/A |
microsoft — windows_10 | An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-1083. | 2020-09-11 | 2.1 | CVE-2020-0921 N/A |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. | 2020-09-11 | 2.7 | CVE-2020-16218 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart. | 2020-09-11 | 3.3 | CVE-2020-16224 MISC |
philips — patient_information_center_ix | Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. | 2020-09-11 | 3.3 | CVE-2020-16220 MISC |
recall-products_project — recall-products | WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the ‘Recall Settings’ field in admin.php. An attacker can inject JavaScript code that will be stored and executed. | 2020-09-14 | 3.5 | CVE-2020-25380 MISC |
redhat — ansible_engine | An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. | 2020-09-11 | 2.1 | CVE-2020-14330 CONFIRM MISC |
softrade — wp_smart_crm_&_invoices | WordPress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. | 2020-09-14 | 3.5 | CVE-2020-25375 MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1crm — 1crm_system |
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL. | 2020-09-18 | not yet calculated | CVE-2020-15958 MISC MISC MISC MISC |
adobe — media_encoder |
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-09-18 | not yet calculated | CVE-2020-9745 MISC |
adobe — media_encoder |
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-09-18 | not yet calculated | CVE-2020-9739 MISC |
adobe — media_encoder |
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2020-09-18 | not yet calculated | CVE-2020-9744 MISC |
alfresco — alfresco |
The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. | 2020-09-17 | not yet calculated | CVE-2020-25727 MISC |
alfresco — alfresco |
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user’s account password include the admin account. | 2020-09-17 | not yet calculated | CVE-2020-25728 MISC |
alfresco — alfresco |
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin’s access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0 | 2020-09-18 | not yet calculated | CVE-2020-15181 MISC CONFIRM |
amq — online_console |
It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user’s AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers. | 2020-09-16 | not yet calculated | CVE-2020-14348 MISC |
apache — airflow |
In Apache Airflow < 1.10.12, the “origin” parameter passed to some of the endpoints like ‘/trigger’ was vulnerable to XSS exploit. | 2020-09-17 | not yet calculated | CVE-2020-13944 MISC |
apache — atlas |
Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability. | 2020-09-16 | not yet calculated | CVE-2020-13928 MISC |
apache — superset |
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, environment variables, and process information. Additionally it was possible to set environment variables for the current process, create and update files in folders writable by the web process, and execute arbitrary programs accessible by the web process. All other operations available to the `os` package in Python were also available, even if not explicitly enumerated in this CVE. | 2020-09-17 | not yet calculated | CVE-2020-13948 MISC |
apache — syncope |
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution. | 2020-09-15 | not yet calculated | CVE-2020-11977 MISC |
bosch — smart_home_system |
Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack. | 2020-09-16 | not yet calculated | CVE-2020-6781 MISC |
buffalo — airstation_whr-g54s |
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | 2020-09-18 | not yet calculated | CVE-2020-5605 MISC MISC |
buffalo — airstation_whr-g54s |
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page. | 2020-09-18 | not yet calculated | CVE-2020-5606 MISC MISC |
citrix — multiple_products |
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal. | 2020-09-18 | not yet calculated | CVE-2020-8245 MISC |
citrix — multiple_products |
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network. | 2020-09-18 | not yet calculated | CVE-2020-8246 MISC |
citrix — multiple_products |
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface. | 2020-09-18 | not yet calculated | CVE-2020-8247 MISC |
citrix — multiple_xenmobile_servers |
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files. | 2020-09-18 | not yet calculated | CVE-2020-8253 MISC |
citrix — storefront_server |
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. | 2020-09-18 | not yet calculated | CVE-2020-8200 MISC |
colin_percival — bsdiff |
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries. | 2020-09-16 | not yet calculated | CVE-2020-14315 MISC MISC MISC |
d-link — dir-816L_and_dir-803_devices |
** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. | 2020-09-19 | not yet calculated | CVE-2020-25786 MISC MISC |
dotplant2 — dotplant2 |
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST[‘xml’]) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-09-18 | not yet calculated | CVE-2020-25750 MISC |
elkarbackup — elkarbackup |
A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php | 2020-09-15 | not yet calculated | CVE-2020-24925 MISC MISC |
ewon — flexy_and_cosy |
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing. | 2020-09-18 | not yet calculated | CVE-2020-16230 MISC |
fasterxml — jackson-databind |
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. | 2020-09-17 | not yet calculated | CVE-2020-24750 MISC |
freebox — freebox_hd |
A DNS rebinding vulnerability in Freebox HD before 1.5.29. | 2020-09-16 | not yet calculated | CVE-2020-24374 MISC |
freebox — freebox_server |
A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3. | 2020-09-16 | not yet calculated | CVE-2020-24377 MISC |
freebox — upnp_idg |
A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox Server before 4.2.3. | 2020-09-16 | not yet calculated | CVE-2020-24376 MISC |
freebox — upnp_mediaserver |
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | 2020-09-16 | not yet calculated | CVE-2020-24373 MISC |
fwupd — fwupd |
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity. | 2020-09-15 | not yet calculated | CVE-2020-10759 MISC MISC |
gallagher — command_centre |
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers. | 2020-09-15 | not yet calculated | CVE-2020-16097 MISC |
gallagher — command_centre |
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components. | 2020-09-15 | not yet calculated | CVE-2020-16096 MISC |
gallagher — command_centre |
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | 2020-09-15 | not yet calculated | CVE-2020-16101 MISC |
gallagher — command_centre |
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service’s DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | 2020-09-15 | not yet calculated | CVE-2020-16100 MISC |
gallagher — command_centre |
In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. | 2020-09-15 | not yet calculated | CVE-2020-16099 MISC |
gallagher — command_centre |
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported. | 2020-09-15 | not yet calculated | CVE-2020-16098 MISC |
genexis — platinum_4410 |
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password. | 2020-09-16 | not yet calculated | CVE-2020-25015 MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service. | 2020-09-14 | not yet calculated | CVE-2020-13315 CONFIRM MISC MISC |
gitlab — gitlab |
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature. | 2020-09-14 | not yet calculated | CVE-2020-13309 CONFIRM MISC MISC |
gnuplot — gnuplot |
gnuplot 5.4 is affected by a segmentation fault in com_line () at command.c, which may result in context-dependent arbitrary code execution. | 2020-09-16 | not yet calculated | CVE-2020-25412 MISC |
gnuplot — gnuplot |
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution. | 2020-09-16 | not yet calculated | CVE-2020-25559 MISC |
google — android_10_and_11_devices | In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157598026 | 2020-09-17 | not yet calculated | CVE-2020-0390 MISC |
google — android_10_and_11_devices | In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488 | 2020-09-17 | not yet calculated | CVE-2020-0382 MISC |
google — android_10_and_11_devices |
In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-156123285 | 2020-09-17 | not yet calculated | CVE-2020-0388 MISC |
google — android_10_and_11_devices |
In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156959408 | 2020-09-17 | not yet calculated | CVE-2020-0389 MISC |
google — android_11_devices | In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150331085 | 2020-09-17 | not yet calculated | CVE-2020-0330 MISC |
google — android_11_devices | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144506224 | 2020-09-18 | not yet calculated | CVE-2020-0282 MISC |
google — android_11_devices | In libmedia, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132274514 | 2020-09-17 | not yet calculated | CVE-2020-0363 MISC |
google — android_11_devices | In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139128211 | 2020-09-17 | not yet calculated | CVE-2020-0267 MISC |
google — android_11_devices | In UrlQuerySanitizer, there is a possible improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-73822755 | 2020-09-17 | not yet calculated | CVE-2020-0333 MISC |
google — android_11_devices | In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-111086459 | 2020-09-17 | not yet calculated | CVE-2020-0266 MISC |
google — android_11_devices | In libDRCdec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151927433 | 2020-09-17 | not yet calculated | CVE-2020-0361 MISC |
google — android_11_devices | In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-33646131 | 2020-09-18 | not yet calculated | CVE-2020-0318 MISC |
google — android_11_devices | In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144920149 | 2020-09-17 | not yet calculated | CVE-2020-0341 MISC |
google — android_11_devices | In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145130119 | 2020-09-18 | not yet calculated | CVE-2020-0299 MISC |
google — android_11_devices | In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925 | 2020-09-17 | not yet calculated | CVE-2020-0274 MISC |
google — android_11_devices | In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144286721 | 2020-09-17 | not yet calculated | CVE-2020-0345 MISC |
google — android_11_devices | In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139666480 | 2020-09-17 | not yet calculated | CVE-2020-0306 MISC |
google — android_11_devices | In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153654357 | 2020-09-17 | not yet calculated | CVE-2020-0308 MISC |
google — android_11_devices | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137868765 | 2020-09-18 | not yet calculated | CVE-2020-0319 MISC |
google — android_11_devices | In libFraunhoferAAC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141883493 | 2020-09-17 | not yet calculated | CVE-2020-0355 MISC |
google — android_11_devices | In ActivityManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119673147 | 2020-09-17 | not yet calculated | CVE-2020-0372 MISC |
google — android_11_devices |
In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150227563 | 2020-09-17 | not yet calculated | CVE-2020-0358 MISC |
google — android_11_devices |
In libDRCdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282770 | 2020-09-17 | not yet calculated | CVE-2020-0364 MISC |
google — android_11_devices |
In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147002762 | 2020-09-17 | not yet calculated | CVE-2020-0346 MISC |
google — android_11_devices |
In SyncManager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154921790 | 2020-09-17 | not yet calculated | CVE-2020-0426 MISC |
google — android_11_devices |
In AudioService, there are missing permission checks. This could lead to local information disclosure of audio configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934920 | 2020-09-17 | not yet calculated | CVE-2020-0314 MISC |
google — android_11_devices |
In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145129266 | 2020-09-18 | not yet calculated | CVE-2020-0298 MISC |
google — android_11_devices |
In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145129456 | 2020-09-17 | not yet calculated | CVE-2020-0360 MISC |
google — android_11_devices |
There is a possible way to view notifications even when the “Lockdown” feature is on. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124000380 | 2020-09-17 | not yet calculated | CVE-2020-0425 MISC |
google — android_11_devices |
In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123237930 | 2020-09-17 | not yet calculated | CVE-2020-0362 MISC |
google — android_11_devices |
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188582 | 2020-09-18 | not yet calculated | CVE-2020-0348 MISC |
google — android_11_devices |
In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150225569 | 2020-09-17 | not yet calculated | CVE-2020-0357 MISC |
google — android_11_devices |
In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143787559 | 2020-09-17 | not yet calculated | CVE-2020-0356 MISC |
google — android_11_devices |
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143604331 | 2020-09-18 | not yet calculated | CVE-2020-0354 MISC |
google — android_11_devices |
In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124777526 | 2020-09-17 | not yet calculated | CVE-2020-0353 MISC |
google — android_11_devices |
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310 | 2020-09-17 | not yet calculated | CVE-2020-0352 MISC |
google — android_11_devices |
In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124777537 | 2020-09-17 | not yet calculated | CVE-2020-0351 MISC |
google — android_11_devices |
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139424089 | 2020-09-18 | not yet calculated | CVE-2020-0350 MISC |
google — android_11_devices |
In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148736216 | 2020-09-18 | not yet calculated | CVE-2020-0300 MISC |
google — android_11_devices |
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124329382 | 2020-09-17 | not yet calculated | CVE-2020-0337 MISC |
google — android_11_devices |
In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136658008 | 2020-09-18 | not yet calculated | CVE-2020-0347 MISC |
google — android_11_devices |
In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-116718596 | 2020-09-17 | not yet calculated | CVE-2020-0264 MISC |
google — android_11_devices |
In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111 | 2020-09-18 | not yet calculated | CVE-2020-0405 MISC |
google — android_11_devices |
In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if another exploit allowed this to be triggered with different parameters, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137794014 | 2020-09-17 | not yet calculated | CVE-2020-0406 MISC |
google — android_11_devices |
In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253476 | 2020-09-17 | not yet calculated | CVE-2020-0375 MISC |
google — android_11_devices |
In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602 | 2020-09-17 | not yet calculated | CVE-2020-0374 MISC |
google — android_11_devices |
In SoundTriggerHwService, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146894086 | 2020-09-17 | not yet calculated | CVE-2020-0373 MISC |
google — android_11_devices |
In libAACdec, there is a possible out of bounds read due to missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-112051700 | 2020-09-17 | not yet calculated | CVE-2020-0370 MISC |
google — android_11_devices |
In libavb, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130231426 | 2020-09-17 | not yet calculated | CVE-2020-0369 MISC |
google — android_11_devices |
In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150303018 | 2020-09-17 | not yet calculated | CVE-2020-0359 MISC |
google — android_11_devices |
In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137346580 | 2020-09-18 | not yet calculated | CVE-2020-0365 MISC |
google — android_11_devices |
In libcodec2_soft_mp3dec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144901522 | 2020-09-17 | not yet calculated | CVE-2020-0340 MISC |
google — android_11_devices |
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123700107 | 2020-09-17 | not yet calculated | CVE-2020-0338 MISC |
google — android_11_devices |
In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444 | 2020-09-17 | not yet calculated | CVE-2020-0336 MISC |
google — android_11_devices |
In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887 | 2020-09-17 | not yet calculated | CVE-2020-0344 MISC |
google — android_11_devices |
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-122361504 | 2020-09-18 | not yet calculated | CVE-2020-0335 MISC |
google — android_11_devices |
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147995915 | 2020-09-18 | not yet calculated | CVE-2020-0334 MISC |
google — android_11_devices |
In NetworkStatsService, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119672472 | 2020-09-17 | not yet calculated | CVE-2020-0343 MISC |
google — android_11_devices |
In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124783982 | 2020-09-17 | not yet calculated | CVE-2020-0332 MISC |
google — android_11_devices |
In the camera, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150156131 | 2020-09-17 | not yet calculated | CVE-2020-0328 MISC |
google — android_11_devices |
In libsonivox, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136660304 | 2020-09-17 | not yet calculated | CVE-2020-0324 MISC |
google — android_11_devices |
In libavb, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146516087 | 2020-09-17 | not yet calculated | CVE-2020-0323 MISC |
google — android_11_devices |
In apexd, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147002540 | 2020-09-17 | not yet calculated | CVE-2020-0322 MISC |
google — android_11_devices |
In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155171907 | 2020-09-17 | not yet calculated | CVE-2020-0321 MISC |
google — android_11_devices |
In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129282427 | 2020-09-17 | not yet calculated | CVE-2020-0320 MISC |
google — android_11_devices |
In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-63522940 | 2020-09-17 | not yet calculated | CVE-2020-0329 MISC |
google — android_11_devices |
In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-138443815 | 2020-09-17 | not yet calculated | CVE-2020-0366 MISC |
google — android_11_devices |
In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155183624 | 2020-09-17 | not yet calculated | CVE-2020-0297 MISC |
google — android_11_devices |
In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153879099 | 2020-09-17 | not yet calculated | CVE-2020-0312 MISC |
google — android_11_devices |
In ADB server and USB server, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356209 | 2020-09-17 | not yet calculated | CVE-2020-0296 MISC |
google — android_11_devices |
In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141860394 | 2020-09-17 | not yet calculated | CVE-2020-0287 MISC |
google — android_11_devices |
In screencap, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege in a system process with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123230379 | 2020-09-17 | not yet calculated | CVE-2020-0130 MISC |
google — android_11_devices |
In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147227320 | 2020-09-18 | not yet calculated | CVE-2020-0309 MISC |
google — android_11_devices |
In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137015603 | 2020-09-18 | not yet calculated | CVE-2020-0089 MISC |
google — android_11_devices |
In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148223229 | 2020-09-17 | not yet calculated | CVE-2020-0303 MISC |
google — android_11_devices |
In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119671929 | 2020-09-17 | not yet calculated | CVE-2020-0317 MISC |
google — android_11_devices |
In mediadrm, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282168 | 2020-09-17 | not yet calculated | CVE-2020-0125 MISC |
google — android_11_devices |
In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144507081 | 2020-09-18 | not yet calculated | CVE-2020-0271 MISC |
google — android_11_devices |
In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156353008 | 2020-09-18 | not yet calculated | CVE-2020-0262 MISC |
google — android_11_devices |
In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141455849 | 2020-09-17 | not yet calculated | CVE-2020-0293 MISC |
google — android_11_devices |
In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn’t have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150507736 | 2020-09-17 | not yet calculated | CVE-2020-0275 MISC |
google — android_11_devices |
In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device’s data plan with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148627993 | 2020-09-17 | not yet calculated | CVE-2020-0277 MISC |
google — android_11_devices |
In tremolo, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145790628 | 2020-09-17 | not yet calculated | CVE-2020-0270 MISC |
google — android_11_devices |
In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-131430997 | 2020-09-17 | not yet calculated | CVE-2020-0279 MISC |
google — android_11_devices |
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137857778 | 2020-09-18 | not yet calculated | CVE-2020-0281 MISC |
google — android_11_devices |
In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643 | 2020-09-18 | not yet calculated | CVE-2020-0268 MISC |
google — android_11_devices |
In PackageManager, there is a missing permission check. This could lead to local information disclosure across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153995991 | 2020-09-17 | not yet calculated | CVE-2020-0288 MISC |
google — android_11_devices |
In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124940460 | 2020-09-17 | not yet calculated | CVE-2020-0301 MISC |
google — android_11_devices |
In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996872 | 2020-09-17 | not yet calculated | CVE-2020-0289 MISC |
google — android_11_devices |
In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996866 | 2020-09-17 | not yet calculated | CVE-2020-0290 MISC |
google — android_devices | There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812576 | 2020-09-17 | not yet calculated | CVE-2020-0342 MISC |
google — android_devices | UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack. | 2020-09-18 | not yet calculated | CVE-2020-5629 MISC |
google — android_devices | In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-156046804 | 2020-09-17 | not yet calculated | CVE-2020-0387 MISC |
google — android_devices | In Pixel’s use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150730508 | 2020-09-17 | not yet calculated | CVE-2020-0434 MISC |
google — android_devices | In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153450752References: N/A | 2020-09-17 | not yet calculated | CVE-2020-0407 MISC |
google — android_devices | In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 | 2020-09-17 | not yet calculated | CVE-2020-0427 MISC |
google — android_devices | In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150159669 | 2020-09-17 | not yet calculated | CVE-2020-0381 MISC |
google — android_devices |
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 | 2020-09-17 | not yet calculated | CVE-2020-0431 MISC |
google — android_devices |
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel | 2020-09-17 | not yet calculated | CVE-2020-0404 MISC |
google — android_devices |
In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-131252923 | 2020-09-17 | not yet calculated | CVE-2020-0403 MISC |
google — android_devices |
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807 | 2020-09-17 | not yet calculated | CVE-2020-0432 MISC |
google — android_devices |
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812574 | 2020-09-17 | not yet calculated | CVE-2020-0278 MISC |
google — android_devices |
In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151939299 | 2020-09-17 | not yet calculated | CVE-2020-0433 MISC |
google — android_devices |
In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-123999783 | 2020-09-17 | not yet calculated | CVE-2020-0428 MISC |
google — android_devices |
In inline_data_addr of f2fs.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-133762747 | 2020-09-17 | not yet calculated | CVE-2020-0435 MISC |
google — android_devices |
In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153881554 | 2020-09-17 | not yet calculated | CVE-2020-0430 MISC |
google — android_devices |
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-149871374 | 2020-09-17 | not yet calculated | CVE-2020-0123 MISC |
google — android_devices |
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack. | 2020-09-18 | not yet calculated | CVE-2020-5628 MISC |
google — android_devices |
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-156333725 | 2020-09-17 | not yet calculated | CVE-2020-0229 MISC |
google — android_devices |
In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152735806 | 2020-09-17 | not yet calculated | CVE-2020-0429 MISC |
google — brotli |
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a “one-shot” decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the “streaming” API as opposed to the “one-shot” API, and impose chunk size limits. | 2020-09-15 | not yet calculated | CVE-2020-8927 CONFIRM |
google — multiple_android_devices | In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-154124307 | 2020-09-17 | not yet calculated | CVE-2020-0395 MISC |
google — multiple_android_devices | In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149 | 2020-09-17 | not yet calculated | CVE-2020-0245 MISC |
google — multiple_android_devices | In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153993591 | 2020-09-17 | not yet calculated | CVE-2020-0399 MISC |
google — multiple_android_devices |
In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150857253 | 2020-09-17 | not yet calculated | CVE-2020-0401 MISC |
google — multiple_android_devices |
In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150156492 | 2020-09-17 | not yet calculated | CVE-2020-0379 MISC |
google — multiple_android_devices |
In Parse_art of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-150159906 | 2020-09-17 | not yet calculated | CVE-2020-0384 MISC |
google — multiple_android_devices |
In Parse_ins of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-150160279 | 2020-09-17 | not yet calculated | CVE-2020-0383 MISC |
google — multiple_android_devices |
In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-150160041 | 2020-09-17 | not yet calculated | CVE-2020-0385 MISC |
google — multiple_android_devices |
In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155650356 | 2020-09-17 | not yet calculated | CVE-2020-0386 MISC |
google — multiple_android_devices |
In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-158570769 | 2020-09-17 | not yet calculated | CVE-2020-0391 MISC |
google — multiple_android_devices |
In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-154123412 | 2020-09-17 | not yet calculated | CVE-2020-0393 MISC |
google — multiple_android_devices |
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146204120 | 2020-09-17 | not yet calculated | CVE-2020-0074 MISC |
google — multiple_android_devices |
In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146398979 | 2020-09-17 | not yet calculated | CVE-2020-0380 MISC |
google — multiple_android_devices |
In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155648639 | 2020-09-17 | not yet calculated | CVE-2020-0394 MISC |
google — multiple_android_devices |
In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-155094269 | 2020-09-17 | not yet calculated | CVE-2020-0396 MISC |
google — multiple_android_devices |
In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-155092443 | 2020-09-17 | not yet calculated | CVE-2020-0397 MISC |
google — multiple_android_devices |
In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-150226608 | 2020-09-17 | not yet calculated | CVE-2020-0392 MISC |
helm — helm |
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software. | 2020-09-17 | not yet calculated | CVE-2020-15185 MISC CONFIRM |
helm — helm |
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters. | 2020-09-17 | not yet calculated | CVE-2020-15184 MISC CONFIRM |
helm — helm |
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm –help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range. | 2020-09-17 | not yet calculated | CVE-2020-15186 MISC CONFIRM |
helm — helm |
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin’s install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL. | 2020-09-17 | not yet calculated | CVE-2020-15187 MISC CONFIRM |
hewlett_packard — enterprise_universal_api_framework |
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD). | 2020-09-18 | not yet calculated | CVE-2020-24623 MISC |
huawei — taurus-anoob_devices |
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. | 2020-09-18 | not yet calculated | CVE-2020-9084 MISC |
ibm — bladecenter_advanced_management_module |
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user’s AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself. | 2020-09-15 | not yet calculated | CVE-2020-8339 MISC |
ibm — maximo_asset_management |
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537. | 2020-09-16 | not yet calculated | CVE-2020-4409 XF CONFIRM |
ibm — security_trusteer_pinpoint_detect |
IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. IBM X-Force ID: 187371. | 2020-09-16 | not yet calculated | CVE-2020-4708 XF CONFIRM |
installbuilder — installbuilder |
InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer. | 2020-09-18 | not yet calculated | CVE-2020-3979 MISC |
intel — multiple_products |
Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | 2020-09-14 | not yet calculated | CVE-2020-24457 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | 2020-09-16 | not yet calculated | CVE-2020-2268 MLIST CONFIRM |
joomla — joomla! |
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. | 2020-09-18 | not yet calculated | CVE-2020-25751 MISC MISC |
json-bigint — json-bigint |
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack. | 2020-09-18 | not yet calculated | CVE-2020-8237 MISC |
lenovo — |
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. | 2020-09-15 | not yet calculated | CVE-2020-8342 MISC |
lenovo — system_x_imm2 |
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user’s web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself. | 2020-09-15 | not yet calculated | CVE-2020-8340 MISC |
lenovo — vantage |
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. | 2020-09-15 | not yet calculated | CVE-2020-8346 MISC |
lg — multiple_products |
A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64). | 2020-09-14 | not yet calculated | CVE-2020-7807 MISC MISC |
libraw — libraw |
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. | 2020-09-16 | not yet calculated | CVE-2020-24890 MISC |
libraw — libraw |
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. | 2020-09-16 | not yet calculated | CVE-2020-24889 MISC |
linux — linux_kernel | A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being ‘force disabled’ when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. | 2020-09-16 | not yet calculated | CVE-2020-10768 CONFIRM MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-15 | not yet calculated | CVE-2020-14331 MISC MISC MISC |
linux — linux_kernel |
A memory disclosure flaw was found in the Linux kernel’s ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. | 2020-09-15 | not yet calculated | CVE-2020-14304 MISC CONFIRM |
linux — linux_kernel |
A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. This highest threat from this vulnerability is to system availability. | 2020-09-18 | not yet calculated | CVE-2020-14390 MISC MISC MISC |
linux — linux_kernel |
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. | 2020-09-15 | not yet calculated | CVE-2020-14314 CONFIRM MISC MISC |
linux — linux_kernel |
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. | 2020-09-15 | not yet calculated | CVE-2020-10766 CONFIRM MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. | 2020-09-15 | not yet calculated | CVE-2020-10767 CONFIRM MISC |
linux — linux_kernel |
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. | 2020-09-16 | not yet calculated | CVE-2020-10781 CONFIRM MISC MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. | 2020-09-16 | not yet calculated | CVE-2020-14386 CONFIRM MISC MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. | 2020-09-15 | not yet calculated | CVE-2020-14385 CONFIRM MISC |
london_trust_media — private_internet_access_vpn_client_for_linux |
A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically. | 2020-09-14 | not yet calculated | CVE-2020-15590 MISC MISC MISC |
mediawiki — mediawiki |
The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script> tag inside <scratchsig> tag, attackers with edit permission can execute scripts on visitors’ browser. With MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover. This has been patched in release 1.0.1. This has already been deployed to all Scratch Wikis. No workarounds exist other than disabling the extension completely. | 2020-09-15 | not yet calculated | CVE-2020-15179 MISC CONFIRM |
micro_focus — operation_agent |
Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. | 2020-09-18 | not yet calculated | CVE-2020-11861 MISC |
misp — misp |
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. | 2020-09-18 | not yet calculated | CVE-2020-25766 MISC MISC |
nextcloud — desktop_client |
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | 2020-09-18 | not yet calculated | CVE-2020-8225 MISC MISC |
nifty — project_management_web_application |
Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. | 2020-09-15 | not yet calculated | CVE-2020-25071 MISC MISC |
nitro_software — nitro_pro |
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which allow for the decoder to write out of-bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability. | 2020-09-17 | not yet calculated | CVE-2020-6112 MISC |
nitro_software — nitro_pro |
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability. | 2020-09-17 | not yet calculated | CVE-2020-6113 MISC |
nitro_software — nitro_pro |
An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object’s cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry. Later when the application tries to reference cross-reference entry via the stack variable, the application will access memory belonging to the recently freed table causing a use-after-free condition. A specially crafted document can be delivered by an attacker and loaded by a victim in order to trigger this vulnerability. | 2020-09-17 | not yet calculated | CVE-2020-6115 MISC |
nitro_software — nitro_pro |
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | 2020-09-17 | not yet calculated | CVE-2020-6116 MISC |
node.js — node.js |
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. | 2020-09-18 | not yet calculated | CVE-2020-8251 MISC MISC |
node.js — node.js |
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. | 2020-09-18 | not yet calculated | CVE-2020-8252 MISC MISC |
node.js — node.js |
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | 2020-09-18 | not yet calculated | CVE-2020-8201 MISC MISC |
nvidia — geforce_now |
NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure. | 2020-09-18 | not yet calculated | CVE-2020-5975 CONFIRM |
nvidia — geforce_now |
NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure. | 2020-09-18 | not yet calculated | CVE-2020-5976 CONFIRM |
objective_systems — objective_open_cbor |
A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption. | 2020-09-17 | not yet calculated | CVE-2020-24753 MISC MISC |
ozeki — ng_sms_gateway |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files. | 2020-09-18 | not yet calculated | CVE-2020-14029 MISC MISC |
ozeki — ng_sms_gateway |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITYSYSTEM privileges. | 2020-09-18 | not yet calculated | CVE-2020-14021 MISC MISC MISC |
perl — perl |
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. | 2020-09-16 | not yet calculated | CVE-2014-10402 MISC |
perl — perl |
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service’s availability. | 2020-09-16 | not yet calculated | CVE-2020-14392 SUSE MISC MISC UBUNTU |
perl — perl |
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. | 2020-09-16 | not yet calculated | CVE-2020-14393 SUSE MISC MISC |
philips — clinical_collaboration_platform |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. | 2020-09-18 | not yet calculated | CVE-2020-14525 MISC |
philips — clinical_collaboration_platform |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. | 2020-09-18 | not yet calculated | CVE-2020-16200 MISC |
philips — clinical_collaboration_platform |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | 2020-09-18 | not yet calculated | CVE-2020-16247 MISC |
philips — clinical_collaboration_platform |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | 2020-09-18 | not yet calculated | CVE-2020-16198 MISC |
philips — clinical_collaboration_platfotm |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | 2020-09-18 | not yet calculated | CVE-2020-14506 MISC |
postgresql — postgreql |
The Windows installer for PostgreSQL 9.5 – 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer’s administrative rights. | 2020-09-16 | not yet calculated | CVE-2020-10733 MISC MISC |
prestashop — prestashop |
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim’s browser. | 2020-09-15 | not yet calculated | CVE-2020-15178 MISC CONFIRM MISC |
puppet — puppet_enterprise |
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1. | 2020-09-18 | not yet calculated | CVE-2020-7945 MISC |
rad — secflow-1v |
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259. | 2020-09-17 | not yet calculated | CVE-2020-13260 MISC MISC MISC |
rad — secflow-1v |
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260. | 2020-09-16 | not yet calculated | CVE-2020-13259 MISC EXPLOIT-DB |
rapid7 — appspider |
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name. | 2020-09-18 | not yet calculated | CVE-2020-7358 MISC |
red_discord_bot — act_module |
The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible. | 2020-09-15 | not yet calculated | CVE-2020-15172 MISC CONFIRM |
red_hat — jboss_eap |
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400. | 2020-09-16 | not yet calculated | CVE-2020-1710 MISC |
red_hat — jboss_keycloak | A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions. | 2020-09-16 | not yet calculated | CVE-2020-1694 MISC |
red_hat — jboss_keycloak |
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body. | 2020-09-16 | not yet calculated | CVE-2020-10758 MISC |
red_hat — jboss_keycloak |
A flaw was found in Keycloak’s data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks. | 2020-09-16 | not yet calculated | CVE-2020-10748 MISC |
red_hat — openshift_console |
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate. | 2020-09-16 | not yet calculated | CVE-2020-10715 MISC MISC |
red_hat — qt_library |
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. | 2020-09-14 | not yet calculated | CVE-2020-0570 MISC |
resteasy — resteasy |
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server’s potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality. | 2020-09-18 | not yet calculated | CVE-2020-25633 CONFIRM |
rust — rust |
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic. | 2020-09-19 | not yet calculated | CVE-2020-25794 MISC MISC |
rust — rust |
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement. | 2020-09-19 | not yet calculated | CVE-2020-25796 MISC MISC |
rust — rust |
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic. | 2020-09-19 | not yet calculated | CVE-2020-25795 MISC MISC |
rust — rust |
An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint. | 2020-09-14 | not yet calculated | CVE-2020-25573 MISC MISC |
rust — rust |
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. | 2020-09-14 | not yet calculated | CVE-2020-25576 MISC |
rust — rust |
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit(). | 2020-09-19 | not yet calculated | CVE-2020-25791 MISC MISC |
rust — rust |
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair(). | 2020-09-19 | not yet calculated | CVE-2020-25792 MISC MISC |
rust — rust |
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>. | 2020-09-19 | not yet calculated | CVE-2020-25793 MISC MISC |
rust — rust |
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-09-14 | not yet calculated | CVE-2020-25575 MISC MISC |
rust — rust |
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). | 2020-09-14 | not yet calculated | CVE-2020-25574 MISC MISC |
safervpn_for_windows — safervpn_for_windows |
SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%SaferVPNLog is followed. | 2020-09-18 | not yet calculated | CVE-2020-25744 MISC MISC |
schneider_electric — scadapack_7x_remote_connect |
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. | 2020-09-16 | not yet calculated | CVE-2020-7528 MISC |
schneider_electric — scadapack_7x_remote_connect |
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Transversal’) vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. | 2020-09-16 | not yet calculated | CVE-2020-7529 MISC |
schneider_electric — scadapack_7x_remote_connect |
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. | 2020-09-16 | not yet calculated | CVE-2020-7530 MISC |
schneider_electric — scadapack_7x_remote_connect |
A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user. | 2020-09-16 | not yet calculated | CVE-2020-7531 MISC |
schnieder_electric — scadapack_7x_security_administrator |
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer. | 2020-09-16 | not yet calculated | CVE-2020-7532 MISC |
solarwinds — orion_platform |
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account). | 2020-09-17 | not yet calculated | CVE-2020-13169 CONFIRM MISC |
sourcecodester — online_course_registartion |
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo. | 2020-09-15 | not yet calculated | CVE-2020-23828 MISC MISC |
soycms — soycms | SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administrator to edit files once the adminsitrator loads a specially crafted webpage. | 2020-09-17 | not yet calculated | CVE-2020-15183 MISC CONFIRM MISC |
soycms — soycms | SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This vulnerability is caused by insecure configuration in elFinder. This is fixed in version 3.0.2.328. | 2020-09-18 | not yet calculated | CVE-2020-15189 MISC MISC MISC CONFIRM MISC |
soycms — soycms | SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328. | 2020-09-18 | not yet calculated | CVE-2020-15188 MISC MISC CONFIRM MISC |
soycms — soycms | The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328. | 2020-09-17 | not yet calculated | CVE-2020-15182 MISC CONFIRM MISC |
spring — spring_framework |
In Spring Framework versions 5.2.0 – 5.2.8, 5.1.0 – 5.1.17, 5.0.0 – 5.0.18, 4.3.0 – 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | 2020-09-19 | not yet calculated | CVE-2020-5421 CONFIRM |
sqreen — php_agent_daemon |
Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. | 2020-09-17 | not yet calculated | CVE-2020-25490 CONFIRM |
sqreen — pyminiracer |
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption. | 2020-09-17 | not yet calculated | CVE-2020-25489 CONFIRM MISC |
suse — multiple_products |
A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1. | 2020-09-17 | not yet calculated | CVE-2020-8028 CONFIRM |
sylabs — singularity |
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. | 2020-09-16 | not yet calculated | CVE-2020-25040 MISC MISC |
sylabs — singularity |
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. | 2020-09-16 | not yet calculated | CVE-2020-25039 MISC MISC |
tibco_software — multiple_products |
The Spotfire client component of TIBCO Software Inc.’s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1. | 2020-09-15 | not yet calculated | CVE-2020-9416 CONFIRM CONFIRM |
tiny — tiny_rss |
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST[“url”] in an error message. | 2020-09-19 | not yet calculated | CVE-2020-25788 MISC MISC |
tiny — tiny_rss |
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them. | 2020-09-19 | not yet calculated | CVE-2020-25787 MISC MISC |
tiny — tiny_rss |
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document. | 2020-09-19 | not yet calculated | CVE-2020-25789 MISC MISC |
titanhq — spamtitan | An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page. | 2020-09-17 | not yet calculated | CVE-2020-11803 MISC MISC MISC MISC MISC |
titanhq — spamtitan |
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request. | 2020-09-17 | not yet calculated | CVE-2020-11804 MISC MISC MISC MISC MISC |
titanhq — spamtitan |
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page. | 2020-09-17 | not yet calculated | CVE-2020-11699 MISC MISC MISC MISC MISC |
titanhq — spamtitan |
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page. | 2020-09-17 | not yet calculated | CVE-2020-11700 MISC MISC MISC MISC MISC |
titanhq — spamtitan |
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server. | 2020-09-17 | not yet calculated | CVE-2020-11698 MISC MISC MISC MISC |
titanhq — spantitan_gateway |
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login. | 2020-09-17 | not yet calculated | CVE-2020-24046 MISC MISC MISC MISC |
titanhq — spantitan_gateway |
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar. | 2020-09-17 | not yet calculated | CVE-2020-24045 MISC MISC MISC MISC |
trend_micro — serverprotect |
A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. | 2020-09-15 | not yet calculated | CVE-2020-24561 N/A |
typeorm — typeorm |
Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks. | 2020-09-18 | not yet calculated | CVE-2020-8158 MISC |
ua-parser-js — ua-parser-js |
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. | 2020-09-16 | not yet calculated | CVE-2020-7733 CONFIRM CONFIRM CONFIRM CONFIRM |
vmware — fusion |
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed. | 2020-09-16 | not yet calculated | CVE-2020-3980 MISC |
vmware — workstation |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | 2020-09-16 | not yet calculated | CVE-2020-3986 MISC |
vmware — workstation_and_horizon_client |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. | 2020-09-16 | not yet calculated | CVE-2020-3989 MISC |
vmware — workstation_and_horizon_client |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | 2020-09-16 | not yet calculated | CVE-2020-3987 MISC |
vmware — workstation_and_horizon_client |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. | 2020-09-16 | not yet calculated | CVE-2020-3990 MISC |
vmware — workstation_and_horizon_client |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | 2020-09-16 | not yet calculated | CVE-2020-3988 MISC |
vr_cam — p1_camera |
VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication. | 2020-09-15 | not yet calculated | CVE-2020-23512 MISC |
webtareas — webtareas |
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | 2020-09-18 | not yet calculated | CVE-2020-25733 MISC MISC MISC |
webtareas — webtareas |
webTareas through 2.1 allows files/Default/ Directory Listing. | 2020-09-18 | not yet calculated | CVE-2020-25734 MISC MISC MISC |
webtareas — webtareas |
webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php. | 2020-09-18 | not yet calculated | CVE-2020-25735 MISC MISC MISC |
wibu-systems — codemeter |
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. | 2020-09-16 | not yet calculated | CVE-2020-14517 MISC |
wibu-systems — codemeter |
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515. | 2020-09-16 | not yet calculated | CVE-2020-14519 MISC |
wibu-systems — codemeter |
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. | 2020-09-16 | not yet calculated | CVE-2020-14513 MISC |
wibu-systems — codemeter |
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities. | 2020-09-16 | not yet calculated | CVE-2020-14509 MISC |
wibu-systems — codemeter |
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. | 2020-09-16 | not yet calculated | CVE-2020-14515 MISC |
wildfly — wildfly |
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources. | 2020-09-16 | not yet calculated | CVE-2020-1748 MISC |
wildfly– wildfly |
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality. | 2020-09-16 | not yet calculated | CVE-2020-10718 MISC |
wildfly– wildfly |
A flaw was found in Wildfly’s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the “use-grammar-pool-only” feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. All xerces jboss versions before 2.12.0.SP3. | 2020-09-17 | not yet calculated | CVE-2020-14338 MISC |
x.org — x.org |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-15 | not yet calculated | CVE-2020-14345 MISC MISC UBUNTU UBUNTU |
xmlquery — xmlquery |
xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact. | 2020-09-16 | not yet calculated | CVE-2020-25614 MISC MISC |
yii — yii_2 |
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory. | 2020-09-15 | not yet calculated | CVE-2020-15148 MISC CONFIRM |
yworks — yed_desktop |
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. | 2020-09-17 | not yet calculated | CVE-2020-25216 MISC |
yworks — yed_desktop |
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. | 2020-09-17 | not yet calculated | CVE-2020-25215 MISC |
zoneminder — zoneminder |
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. | 2020-09-17 | not yet calculated | CVE-2020-25729 MISC MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.