Original release date: December 7, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

74cms — 74cms
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
2020-12-02
7.5
CVE-2020-29279
MISC
MISC

bloodx_project — bloodx
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
2020-12-02
7.5
CVE-2020-29282
MISC
MISC
MISC

br-automation — industrial_automation_aprol
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.
2020-11-27
10
CVE-2019-19875
MISC

br-automation — industrial_automation_aprol
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364.
2020-11-27
7.5
CVE-2019-19872
MISC

br-automation — industrial_automation_aprol
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.
2020-11-27
7.5
CVE-2019-19876
MISC

br-automation — industrial_automation_aprol
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364.
2020-11-27
7.5
CVE-2019-19874
MISC

c-blosc2_project — c-blosc2
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
2020-11-27
9.3
CVE-2020-29367
MISC
MISC

car_rental_management_system_project — car_rental_management_system
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
2020-12-02
7.5
CVE-2020-29287
MISC
MISC
MISC

cloudfoundry — capi-release
CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.
2020-12-02
7.8
CVE-2020-5423
CONFIRM

crux — crux
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password.
2020-12-02
10
CVE-2020-29389
MISC

edimax — ic-3116w_firmware
A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08.
2020-12-01
7.5
CVE-2020-26762
CONFIRM

fujitsu — eternus_storage_dx200_s4_firmware
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en is visited from a different web browser.
2020-11-30
10
CVE-2020-29127
MISC
MISC
MISC
MISC

gym_management_system_project — gym_management_system
An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter ‘id’ is vulnerable.
2020-12-02
7.5
CVE-2020-29288
MISC
MISC
MISC

hcltech — domino
HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system.
2020-12-02
10
CVE-2020-14260
MISC

hcltech — notes
HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.
2020-12-02
7.2
CVE-2020-4102
MISC

hp — edgeline_infrastructure_manager
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.
2020-12-02
10
CVE-2020-7199
MISC

huawei — fusioncompute
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation.
2020-12-01
7.2
CVE-2020-9114
MISC

huawei — manageone
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
2020-12-01
9
CVE-2020-9115
MISC

ibm — cloud_pak_for_security
IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367.
2020-11-30
9
CVE-2020-4627
XF
CONFIRM

linux — linux_kernel
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
2020-12-02
9
CVE-2020-14305
MISC
MISC
MISC

mitsubishielectric — r00cpu_firmware
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
2020-11-30
7.8
CVE-2020-16850
MISC
MISC

moddable — moddable
Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903.
2020-12-04
7.5
CVE-2020-25462
MISC
MISC

multi_restaurant_table_reservation_system_project — multi_restaurant_table_reservation_system
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
2020-12-02
7.5
CVE-2020-29284
MISC
MISC
MISC

online_doctor_appointment_booking_system_php_and_mysql_project — online_doctor_appointment_booking_system_php_and_mysql
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
2020-12-02
7.5
CVE-2020-29283
MISC
MISC

pcanalyser — pc_analyser
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges.
2020-11-27
7.2
CVE-2020-28922
MISC
MISC
MISC

pcanalyser — pc_analyser
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges.
2020-11-27
7.2
CVE-2020-28921
MISC
MISC
MISC

point_of_sales_in_php/pdo_project — point_of_sales_in_php/pdo
SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.
2020-12-02
7.5
CVE-2020-29285
MISC
MISC
MISC

readymedia_project — readymedia
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
2020-11-30
7.5
CVE-2020-28926
MISC
MISC

synology — safeaccess
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
2020-11-30
10
CVE-2020-27660
CONFIRM

systeminformation — systeminformation
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite().
2020-11-27
7.5
CVE-2020-26245
MISC
CONFIRM

ucms_project — ucms
File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.
2020-11-30
10
CVE-2020-25537
MISC
MISC

valvesoftware — game_networking_sockets
Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.
2020-12-02
7.5
CVE-2020-6018
MISC

victor_cms_project — victor_cms
The Victor CMS v1.0 application is vulnerable to SQL injection via the ‘search’ parameter on the search.php page.
2020-12-02
7.5
CVE-2020-29280
MISC
MISC
MISC

vsolcn — v1600d_firmware
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in “upload tftp syslog” and “upload tftp configuration” in the CLI via a crafted filename.
2020-11-29
10
CVE-2020-29381
MISC

vsolcn — v1600d_firmware
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password !j@l#y$z%x6x7q8c9z) for the enable command.
2020-11-29
9
CVE-2020-29378
MISC

westerndigital — my_cloud_os_5
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.
2020-12-01
7.5
CVE-2020-28971
MISC
CONFIRM

westerndigital — my_cloud_os_5
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)
2020-12-01
7.5
CVE-2020-28970
MISC
CONFIRM

westerndigital — my_cloud_os_5
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.
2020-12-01
7.5
CVE-2020-28940
MISC
CONFIRM

zeroshell — zeroshell
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.
2020-11-30
10
CVE-2020-29390
MISC

zte — zxv10_w908_firmware
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.
2020-12-01
7.5
CVE-2020-6880
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

advancedsystemcare — advanced_systemcare
There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD)
2020-12-03
4.9
CVE-2020-23738
MISC
MISC
MISC

advsys — pngout
An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow.
2020-11-30
4.3
CVE-2020-29384
MISC
MISC
MISC

amoisoft — anyview
In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView, attackers can use a constructed program to cause a computer crash (BSOD).
2020-12-03
4.9
CVE-2020-23741
MISC
MISC
MISC

antiy — antiy_zhijia_terminal_defense_system
There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD).
2020-12-03
4.9
CVE-2020-23727
MISC
MISC
MISC

apache — httpclient
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
2020-12-02
5
CVE-2020-13956
MISC
MLIST
MLIST

atlassian — jira
Affected versions of Automation for Jira – Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15.
2020-11-30
5.5
CVE-2020-14193
N/A

atx — minicmts200a_firmware
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request.
2020-12-01
5
CVE-2020-28993
MISC
MISC

bitrix24 — bitrix_framework
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An “User enumeration and Improper Restriction of Excessive Authentication Attempts” vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group.
2020-12-02
4
CVE-2020-28206
MISC

br-automation — industrial_automation_aprol
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358.
2020-11-27
5
CVE-2019-19878
MISC

br-automation — industrial_automation_aprol
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.
2020-11-27
5
CVE-2019-19877
MISC

br-automation — industrial_automation_aprol
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983.
2020-11-27
5
CVE-2019-19873
MISC

br-automation — industrial_automation_aprol
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface.
2020-11-27
5
CVE-2019-19869
MISC

canon — mf237w_firmware
An issue was discovered on Canon MF237w 06.07 devices. An “Improper Handling of Length Parameter Inconsistency” issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.
2020-11-30
5
CVE-2020-16849
MISC
CONFIRM

canto — canto
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.
2020-11-30
5
CVE-2020-28977
MISC
MISC
MISC
MISC
MISC

canto — canto
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.
2020-11-30
5
CVE-2020-28978
MISC
MISC
MISC
MISC
MISC

canto — canto
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
2020-11-30
5
CVE-2020-28976
MISC
MISC
MISC
MISC
MISC

clmg — clmg
A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity.
2020-12-03
5.8
CVE-2020-25693
MISC

coremail_xt_project — coremail_xt
jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.
2020-11-27
4.3
CVE-2020-29133
MISC

cpanel — cpanel
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
2020-11-27
4
CVE-2020-29136
MISC
MISC

cpanel — cpanel
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
2020-11-27
4.3
CVE-2020-29137
MISC
MISC

ctolog — thinkadmin
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.
2020-12-01
4.3
CVE-2020-29315
MISC

dadajiasu — dada_accelerator
There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD).
2020-12-03
4.9
CVE-2020-23736
MISC
MISC
MISC

desknets — neo
Cross-site scripting vulnerability in desknet’s NEO (desknet’s NEO Small License V5.5 R1.5 and earlier, and desknet’s NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.
2020-12-03
4.3
CVE-2020-5638
MISC
MISC

dlt-daemon_project — dlt-daemon
A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon 2.8.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in a format argument).
2020-11-30
6.8
CVE-2020-29394
MISC
MISC

drivergenius — drivergenius
In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges.
2020-12-03
4.6
CVE-2020-23740
MISC
MISC
MISC
MISC

ec-cube — ec-cube
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.
2020-12-03
4.3
CVE-2020-5679
MISC
MISC

ec-cube — ec-cube
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.
2020-12-03
5
CVE-2020-5680
MISC
MISC

eclipse — jetty
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
2020-11-28
4.3
CVE-2020-27218
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST

elastic — kibana
The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging console link damage. This flaw affects elasticsearch-operator-container versions before 4.7.
2020-12-02
5.8
CVE-2020-27816
MISC

hcltech — domino
HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service.
2020-12-01
5
CVE-2020-4128
MISC

hcltech — hcl_domino
HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.
2020-12-01
5
CVE-2020-4129
MISC

hcltech — hcl_domino
HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user’s system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.
2020-11-30
4.3
CVE-2020-4127
MISC

hcltech — hcl_inotes
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.
2020-12-01
4.3
CVE-2020-4126
MISC

hibernate — hibernate_orm
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
2020-12-02
5.8
CVE-2020-25638
MISC

huawei — fusioncompute
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.
2020-12-01
6.5
CVE-2020-9116
MISC

huawei — nova_4_firmware
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution.
2020-12-01
4.6
CVE-2020-9117
MISC

ibm — cloud_pak_for_security
IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789.
2020-11-30
4
CVE-2020-4696
XF
CONFIRM

ibm — cloud_pak_for_security
IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362.
2020-11-30
4
CVE-2020-4626
XF
CONFIRM

ibm — cloud_pak_for_security
IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information.
2020-11-30
5
CVE-2020-4624
XF
CONFIRM

ibm — cloud_pak_for_security
IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
2020-11-30
5
CVE-2020-4625
XF
CONFIRM

jenkins — shelve_project
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.
2020-12-03
5.8
CVE-2020-2321
MLIST
CONFIRM

lenovo — pcmanager
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
2020-11-30
4.6
CVE-2020-8351
CONFIRM

libvncserver_project — libvncserver
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
2020-11-27
5
CVE-2020-25708
MISC

libxls_project — libxls
An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.
2020-12-02
6.8
CVE-2017-2910
MISC

linux — linux_kernel
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
2020-11-28
6.9
CVE-2020-29368
MISC
MISC
MISC

linux — linux_kernel
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
2020-11-28
6.9
CVE-2020-29369
MISC
MISC
MISC

linux — linux_kernel
An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.
2020-11-28
4.7
CVE-2020-29372
MISC
MISC
MISC

linux — linux_kernel
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
2020-11-28
4.4
CVE-2020-29370
MISC
MISC
MISC

linux — linux_kernel
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
2020-11-28
6.9
CVE-2020-29374
MISC
MISC
MISC

lxml — lxml
A XSS vulnerability was discovered in python-lxml’s clean module. The module’s parser didn’t properly imitate browsers, which caused different behaviors between the sanitizer and the user’s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
2020-12-03
4.3
CVE-2020-27783
MISC

moddable — moddable
Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV).
2020-12-04
5
CVE-2020-25461
MISC
MISC

moddable — moddable
Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger.
2020-12-04
5
CVE-2020-25464
MISC

moddable — moddable
Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV).
2020-12-04
5
CVE-2020-25465
MISC
MISC

moddable — moddable
Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV).
2020-12-04
5
CVE-2020-25463
MISC
MISC

myeventon — eventon
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
2020-11-30
4.3
CVE-2020-29395
MISC
MISC
MISC

nlnetlabs — unbound
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.
2020-11-27
5
CVE-2020-10772
MISC

nodejs — node.js
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
2020-12-03
6.4
CVE-2018-21270
MISC
MISC
MISC

online_voting_system_project — online_voting_system
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.
2020-12-02
4.3
CVE-2020-29239
MISC

outsystems — outsystems
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.
2020-11-30
6.4
CVE-2020-29441
MISC

papermerge — papermerge
Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document’s filename. If email consumption is configured in Papermerge, a malicious document can be sent by email and is automatically uploaded into the Papermerge web application. Therefore, no authentication is required to exploit XSS if email consumption is configured. Otherwise authentication is required.
2020-12-02
4.3
CVE-2020-29456
MISC
MISC
MISC

pbootcms — pbootcms
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.
2020-11-30
4.3
CVE-2020-17901
MISC

phoenixcontact — btp_2043w_firmware
Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).
2020-12-02
5
CVE-2020-12524
CONFIRM

pimcore — pimcore
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
2020-12-03
4
CVE-2020-26246
MISC
CONFIRM

pixar — openusd
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in SdfPath Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
2020-12-02
4.3
CVE-2020-13498
MISC

pixar — openusd
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
2020-12-02
4.3
CVE-2020-13494
MISC

pixar — openusd
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
2020-12-02
4.3
CVE-2020-13496
MISC

pixar — openusd
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
2020-12-02
4.3
CVE-2020-13497
MISC

pixar — openusd
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
2020-12-03
4.3
CVE-2020-13524
MISC

pixar — openusd
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.
2020-12-02
6.8
CVE-2020-13493
MISC

processmaker — processmaker
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
2020-12-03
6.5
CVE-2020-13525
MISC

qemu — qemu
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
2020-11-30
6.4
CVE-2020-25624
MISC

quickheal — total_security
Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.
2020-11-30
4.3
CVE-2020-27586
MISC

redhat — cloudforms
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth.
2020-12-02
6.8
CVE-2020-14369
MISC

sagemcom — f@st_3486_router_firmware
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.
2020-11-27
5
CVE-2020-29138
MISC

saibo — cyber_game_accelerator
In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges
2020-12-03
4.6
CVE-2020-23735
MISC
MISC

samba — samba
A flaw was found in samba’s DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
2020-12-02
4
CVE-2020-14383
MISC
MISC

samba — samba
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
2020-12-03
4
CVE-2020-14318
MISC
MISC

schedmd — slurm
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
2020-11-27
6.8
CVE-2020-27745
MISC

schedmd — slurm
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.
2020-11-27
4.3
CVE-2020-27746
MISC

schneider-electric — ecostruxure_energy_expert
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
2020-12-01
6.5
CVE-2020-7547
MISC

schneider-electric — ecostruxure_energy_expert
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
2020-12-01
6.5
CVE-2020-7545
MISC

softwaremill — akka-http-session
This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.
2020-11-27
6.8
CVE-2020-7780
MISC
MISC
MISC
MISC
MISC
MISC

textpattern — textpattern
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
2020-12-02
6.8
CVE-2020-29458
MISC

trendmicro — apex_one
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
2020-12-01
5
CVE-2020-28576
MISC
MISC
MISC

trendmicro — apex_one
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
2020-12-01
5
CVE-2020-28573
MISC
MISC
MISC

trendmicro — apex_one
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
2020-12-01
5
CVE-2020-28577
MISC
MISC
MISC

trendmicro — apex_one
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
2020-12-01
5
CVE-2020-28582
MISC
MISC
MISC

trendmicro — apex_one
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
2020-12-01
5
CVE-2020-28583
MISC
MISC
MISC

trendmicro — serverprotect
A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.
2020-12-01
4.6
CVE-2020-28575
MISC
MISC

umbraco — umbraco_cms
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
2020-12-02
4
CVE-2020-29454
MISC

vsolcn — v1600d_firmware
An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided.
2020-11-29
5
CVE-2020-29377
MISC

vsolcn — v1600d_firmware
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.
2020-11-29
4.3
CVE-2020-29380
MISC

vsolcn — v1600d_firmware
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user.
2020-11-29
4
CVE-2020-29375
MISC

vsolcn — v1600d_firmware
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service.
2020-11-29
5
CVE-2020-29376
MISC

we-con — plc_editor
WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution.
2020-12-01
6.8
CVE-2020-25177
MISC

we-con — plc_editor
WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution.
2020-12-01
6.8
CVE-2020-25181
MISC

weseek — growi
Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.
2020-12-03
4.3
CVE-2020-5677
MISC
MISC
MISC

weseek — growi
Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.
2020-12-03
4.3
CVE-2020-5678
MISC
MISC
MISC

weseek — growi
GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors.
2020-12-03
5
CVE-2020-5676
MISC
MISC
MISC

wisecleaner — wise_care_365
There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD).
2020-12-03
4.9
CVE-2020-23726
MISC
MISC
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

apache — cordova
We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.
2020-12-01
2.1
CVE-2020-11990
JVN
MISC

audacityteam — audacity
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.
2020-11-30
2.1
CVE-2020-11867
MISC
MISC

cpanel — cpanel
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
2020-11-27
3.5
CVE-2020-29135
MISC
MISC

cyberark — endpoint_privilege_manager
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.
2020-11-27
1.9
CVE-2020-25738
MISC
MISC

ericsson — bscs_ix_r18_billing_&_rating_admx
In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins’ browsers by using the beef framework.
2020-11-27
3.5
CVE-2020-29144
MISC

ericsson — bscs_ix_r18_billing_&_rating_admx
In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins’ browsers by using the beef framework.
2020-11-27
3.5
CVE-2020-29145
MISC

ibm — business_automation_workflow
IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.
2020-11-30
2.1
CVE-2020-4900
XF
CONFIRM

intelbras — tip200_firmware
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS.
2020-11-27
3.5
CVE-2020-12262
MISC
MISC

lepton-cms — leptoncms
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
2020-12-02
3.5
CVE-2020-29240
MISC
MISC

linux — linux_kernel
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
2020-12-02
1.9
CVE-2020-25656
MISC
MISC
MISC

linux — linux_kernel
An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.
2020-11-28
2.1
CVE-2020-29373
MISC
MISC
MISC

linux — linux_kernel
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.
2020-11-28
2.1
CVE-2020-29371
MISC
MISC
MISC
MISC

linux — linux_kernel
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
2020-11-28
1.9
CVE-2019-20934
MISC
MISC
MISC

lock_password_manager_safe_app_project — lock_password_manager_safe_app
The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by the user.
2020-11-30
2.1
CVE-2020-29392
MISC

netartmedia — news_lister
In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles.
2020-11-30
3.5
CVE-2020-29364
MISC
MISC

openclinic_project — openclinic
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.
2020-12-03
3.5
CVE-2020-28938
MISC

qemu — qemu
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
2020-12-04
2.1
CVE-2020-28916
CONFIRM
MISC

quickheal — total_security
Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password.
2020-11-30
2.1
CVE-2020-27585
MISC

quickheal — total_security
Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.
2020-11-30
2.1
CVE-2020-27587
MISC

sap — adaptive_server_enterprise
In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions – 15.7, 16.0.
2020-11-30
2.7
CVE-2020-6317
MISC
MISC

schneider-electric — ecostruxure_energy_expert
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.
2020-12-01
3.5
CVE-2020-7546
MISC

solarwinds — help_desk
Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name.
2020-12-01
3.5
CVE-2019-16958
MISC
MISC

synology — safeaccess
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
2020-11-30
3.5
CVE-2020-27659
CONFIRM

tesla — model_x_firmware
Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.)
2020-11-30
2.1
CVE-2020-29439
MISC

tesla — model_x_firmware
Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob.
2020-11-30
2.1
CVE-2020-29440
MISC

tesla — model_x_firmware
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip.
2020-11-30
3.3
CVE-2020-29438
MISC

vsolcn — v1600d4l_firmware
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.
2020-11-29
2.1
CVE-2020-29379
MISC

vsolcn — v1600d4l_firmware
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images.
2020-11-29
2.1
CVE-2020-29383
MISC

vsolcn — v1600d_firmware
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.
2020-11-29
2.1
CVE-2020-29382
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description
Published
CVSS Score
Source & Patch Info

alfredo_milani_comparetti — speedfan
 
There is a local privilege escalation vulnerabiliy in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges
2020-12-03
not yet calculated
CVE-2020-28175
MISC
MISC
MISC

allen-bradley — micrologix_1100_progammable_logic_controller_systems_series
 
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
2020-12-03
not yet calculated
CVE-2020-6111
MISC

apache — tomcat
 
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
2020-12-03
not yet calculated
CVE-2020-17527
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
MLIST
MLIST

appimage — appimaged
 
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it.
2020-12-02
not yet calculated
CVE-2020-25266
MISC

appimage — libappimage
 
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components.
2020-12-02
not yet calculated
CVE-2020-25265
MISC

arachnys — cabot
 
Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column.
2020-12-04
not yet calculated
CVE-2020-25449
MISC
MISC
MISC
MISC

check_point — endpoint_security_client
 
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges.
2020-12-03
not yet calculated
CVE-2020-6021
MISC

cisco — ibevm
 
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability.
2020-12-02
not yet calculated
CVE-2017-14451
MISC

fasterxml — jackson-databind
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
2020-12-03
not yet calculated
CVE-2020-25649
MISC
MISC
MLIST

gni_c_library — glibc
 
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
2020-12-04
not yet calculated
CVE-2020-29562
MISC

gorilla — websocket
 
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.
2020-12-02
not yet calculated
CVE-2020-27813
MISC
MISC

hashicorp — go-slug
 
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks.
2020-12-03
not yet calculated
CVE-2020-29529
MISC
MISC

imagemagik — imagemagik
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
not yet calculated
CVE-2020-27776
MISC

imagemagik — imagemagik
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
not yet calculated
CVE-2020-27775
MISC

imagemagik — imagemagik
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
not yet calculated
CVE-2020-27767
MISC

imagemagik — imagemagik
 
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.
2020-12-04
not yet calculated
CVE-2020-27766
MISC

imagemagik — imagemagik
 
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
not yet calculated
CVE-2020-27765
MISC

imagemagik — imagemagik
 
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.
2020-12-03
not yet calculated
CVE-2020-27764
MISC
MISC

imagemagik — imagemagik
 
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
not yet calculated
CVE-2020-27772
MISC

imagemagik — imagemagik
 
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
not yet calculated
CVE-2020-27771
MISC

imagemagik — imagemagik
 
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
not yet calculated
CVE-2020-27773
MISC

imagemagik — imagemagik
 
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
2020-12-03
not yet calculated
CVE-2020-27763
MISC

imagemagik — imagemagik
 
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.
2020-12-03
not yet calculated
CVE-2020-27759
MISC

imagemagik — imagemagik
 
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it’s possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
2020-12-03
not yet calculated
CVE-2020-27760
MISC

imagemagik — imagemagik
 
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.
2020-12-03
not yet calculated
CVE-2020-27761
MISC

imagemagik — imagemagik
 
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
2020-12-03
not yet calculated
CVE-2020-27762
MISC

imagemagik — imagemagik
 
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
2020-12-04
not yet calculated
CVE-2020-27770
MISC

imagemagik — imagemagik

 

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
2020-12-04
not yet calculated
CVE-2020-27774
MISC

infinispan — infinispan
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
2020-12-03
not yet calculated
CVE-2020-25711
MISC

jenkins — jenkins
 
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
2020-12-03
not yet calculated
CVE-2020-2323
MLIST
CONFIRM

jenkins — jenkins
 
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.
2020-12-03
not yet calculated
CVE-2020-2322
MLIST
CONFIRM

jenkins — jenkins
 
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
2020-12-03
not yet calculated
CVE-2020-2324
MLIST
CONFIRM

jenkins — jenkins
 
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.
2020-12-03
not yet calculated
CVE-2020-2320
MLIST
CONFIRM

jupyterhub — oauthenticator
 
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set. If this is the only mechanism of authorization restriction (i.e. no group or team restrictions in configuration) then all authenticated users will be allowed. Provider-based restrictions, including deprecated values such as `GitHubOAuthenticator.org_whitelist` are **not** affected. All users of OAuthenticator 0.12.0 and 0.12.1 with JupyterHub 1.2 (JupyterHub Helm chart 0.10.0-0.10.5) who use the `admin.whitelist.users` configuration in the jupyterhub helm chart or the `c.Authenticator.whitelist` configuration directly. Users of other deprecated configuration, e.g. `c.GitHubOAuthenticator.team_whitelist` are **not** affected. If you see a log line like this and expect a specific list of allowed usernames: “[I 2020-11-27 16:51:54.528 JupyterHub app:1717] Not using allowed_users. Any authenticated user will be allowed.” you are likely affected. Updating oauthenticator to 0.12.2 is recommended. A workaround is to replace the deprecated `c.Authenticator.whitelist = …` with `c.Authenticator.allowed_users = …`. If any users have been authorized during this time who should not have been, they must be deleted via the API or admin interface, per the referenced documentation.
2020-12-01
not yet calculated
CVE-2020-26250
MISC
MISC
CONFIRM
MISC

kaspersky — anti-ransomware_tool
 
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
2020-12-04
not yet calculated
CVE-2020-28950
MISC

kia_motors — head_unit
 
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.
2020-12-01
not yet calculated
CVE-2020-8539
MISC
MISC

lightbend — play_framework
 
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.
2020-12-03
not yet calculated
CVE-2020-28923
MISC
CONFIRM

linux — linux_kernel
 
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
2020-12-03
not yet calculated
CVE-2020-14381
MISC
MISC

linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.
2020-12-03
not yet calculated
CVE-2020-29534
MISC
MISC
MISC

linux — linux_kernel
 
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
2020-12-03
not yet calculated
CVE-2020-14351
MISC

linux — linux_kernel
 
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
2020-12-02
not yet calculated
CVE-2020-25704
MISC
MISC
MISC

logicaldoc — logicaldoc
 
A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.
2020-12-03
not yet calculated
CVE-2020-13542
MISC

mcafee — total_protection
 
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window.
2020-12-01
not yet calculated
CVE-2020-7335
CONFIRM
MISC

mitsubishi_electric_corporation — multiple_products
 
Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD all versions and GS2107-WTBD all versions), and Tension Controller LE7-40GU-L all versions allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.
2020-12-04
not yet calculated
CVE-2020-5675
MISC
MISC
MISC

netscout — airmagnet_enterprise
 
NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise.
2020-12-03
not yet calculated
CVE-2020-28251
MISC
CONFIRM

openclinic — openclinic
 
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient’s medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI.
2020-12-03
not yet calculated
CVE-2020-28937
MISC

openclinic — openclinic
 
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.
2020-12-03
not yet calculated
CVE-2020-28939
MISC

opensis — community_edition
 
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
2020-12-04
not yet calculated
CVE-2020-27408
MISC
MISC

opensis — community_edition
 
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.
2020-12-04
not yet calculated
CVE-2020-27409
MISC
MISC
MISC

openstack — horizon
 
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the “next” parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.
2020-12-04
not yet calculated
CVE-2020-29565
MISC
MISC
MISC

pixar — openusd
 
A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.
2020-12-03
not yet calculated
CVE-2020-13531
MISC

poppler — poppler
 
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the ‘pdftohtml’ program, would crash the application causing a denial of service.
2020-12-03
not yet calculated
CVE-2020-27778
MISC

prestashop — prestashop
 
In the PrestaShop module “productcomments” before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
2020-12-03
not yet calculated
CVE-2020-26248
MISC
MISC
CONFIRM
MISC

python — openid_connect
 
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1.
2020-12-02
not yet calculated
CVE-2020-26244
MISC
MISC
CONFIRM
MISC

qemu — qemu
 
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
2020-12-02
not yet calculated
CVE-2020-25723
MISC

qemu — qemu
 
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
2020-12-03
not yet calculated
CVE-2020-14339
MISC

rumkin — keyget
 
Prototype pollution vulnerability in ‘keyget’ versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.
2020-12-02
not yet calculated
CVE-2020-28272
MISC
CONFIRM

rumkin — set-in
 
Prototype pollution vulnerability in ‘set-in’ versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
2020-12-02
not yet calculated
CVE-2020-28273
MISC
MISC
MISC

schneider_electric — multiple_products
 
A CWE-330 – Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.
2020-12-01
not yet calculated
CVE-2020-7548
MISC

schneider_electric — multiple_products
 
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
2020-12-01
not yet calculated
CVE-2020-7533
MISC

sonicboom — sonicboom
 
An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a reservation in the case where a load translates successfully but still generates an exception.
2020-12-04
not yet calculated
CVE-2020-29561
MISC

trac_software — webkitgtk
 
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
2020-12-03
not yet calculated
CVE-2020-13584
FEDORA
MISC

trac_software — webkitgtk
 
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
2020-12-03
not yet calculated
CVE-2020-13543
MISC

ubuntu — containerd
 
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the “host” network namespace, for example with docker run –net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container’s privilege, regardless of what container runtime is used for running that container.
2020-12-01
not yet calculated
CVE-2020-15257
MISC
MISC
CONFIRM

ubuntu — pulseaudio
 
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.
2020-12-04
not yet calculated
CVE-2020-16123
UBUNTU
UBUNTU

ubuntu — snapcraft
 
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.
2020-12-04
not yet calculated
CVE-2020-27348
MISC
MISC
MISC

ubuntu — ubuntu
 
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn’t check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92.
2020-12-02
not yet calculated
CVE-2012-0955
UBUNTU
UBUNTU

valve — game_networking_sockets
 
Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.
2020-12-03
not yet calculated
CVE-2020-6017
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.Original release date: December 7, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
74cms — 74cms PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. 2020-12-02 7.5 CVE-2020-29279
MISC
MISC
bloodx_project — bloodx SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication. 2020-12-02 7.5 CVE-2020-29282
MISC
MISC
MISC
br-automation — industrial_automation_aprol An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364. 2020-11-27 10 CVE-2019-19875
MISC
br-automation — industrial_automation_aprol An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364. 2020-11-27 7.5 CVE-2019-19872
MISC
br-automation — industrial_automation_aprol An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006. 2020-11-27 7.5 CVE-2019-19876
MISC
br-automation — industrial_automation_aprol An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364. 2020-11-27 7.5 CVE-2019-19874
MISC
c-blosc2_project — c-blosc2 blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data. 2020-11-27 9.3 CVE-2020-29367
MISC
MISC
car_rental_management_system_project — car_rental_management_system An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php. 2020-12-02 7.5 CVE-2020-29287
MISC
MISC
MISC
cloudfoundry — capi-release CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM. 2020-12-02 7.8 CVE-2020-5423
CONFIRM
crux — crux The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password. 2020-12-02 10 CVE-2020-29389
MISC
edimax — ic-3116w_firmware A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08. 2020-12-01 7.5 CVE-2020-26762
CONFIRM
fujitsu — eternus_storage_dx200_s4_firmware An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en is visited from a different web browser. 2020-11-30 10 CVE-2020-29127
MISC
MISC
MISC
MISC
gym_management_system_project — gym_management_system An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter ‘id’ is vulnerable. 2020-12-02 7.5 CVE-2020-29288
MISC
MISC
MISC
hcltech — domino HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system. 2020-12-02 10 CVE-2020-14260
MISC
hcltech — notes HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system. 2020-12-02 7.2 CVE-2020-4102
MISC
hp — edgeline_infrastructure_manager A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. 2020-12-02 10 CVE-2020-7199
MISC
huawei — fusioncompute FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation. 2020-12-01 7.2 CVE-2020-9114
MISC
huawei — manageone ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. 2020-12-01 9 CVE-2020-9115
MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367. 2020-11-30 9 CVE-2020-4627
XF
CONFIRM
linux — linux_kernel An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2020-12-02 9 CVE-2020-14305
MISC
MISC
MISC
mitsubishielectric — r00cpu_firmware Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2. 2020-11-30 7.8 CVE-2020-16850
MISC
MISC
moddable — moddable Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903. 2020-12-04 7.5 CVE-2020-25462
MISC
MISC
multi_restaurant_table_reservation_system_project — multi_restaurant_table_reservation_system The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. 2020-12-02 7.5 CVE-2020-29284
MISC
MISC
MISC
online_doctor_appointment_booking_system_php_and_mysql_project — online_doctor_appointment_booking_system_php_and_mysql An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. 2020-12-02 7.5 CVE-2020-29283
MISC
MISC
pcanalyser — pc_analyser An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges. 2020-11-27 7.2 CVE-2020-28922
MISC
MISC
MISC
pcanalyser — pc_analyser An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. 2020-11-27 7.2 CVE-2020-28921
MISC
MISC
MISC
point_of_sales_in_php/pdo_project — point_of_sales_in_php/pdo SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php. 2020-12-02 7.5 CVE-2020-29285
MISC
MISC
MISC
readymedia_project — readymedia ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. 2020-11-30 7.5 CVE-2020-28926
MISC
MISC
synology — safeaccess SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. 2020-11-30 10 CVE-2020-27660
CONFIRM
systeminformation — systeminformation npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite(). 2020-11-27 7.5 CVE-2020-26245
MISC
CONFIRM
ucms_project — ucms File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. 2020-11-30 10 CVE-2020-25537
MISC
MISC
valvesoftware — game_networking_sockets Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. 2020-12-02 7.5 CVE-2020-6018
MISC
victor_cms_project — victor_cms The Victor CMS v1.0 application is vulnerable to SQL injection via the ‘search’ parameter on the search.php page. 2020-12-02 7.5 CVE-2020-29280
MISC
MISC
MISC
vsolcn — v1600d_firmware An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in “upload tftp syslog” and “upload tftp configuration” in the CLI via a crafted filename. 2020-11-29 10 CVE-2020-29381
MISC
vsolcn — v1600d_firmware An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password !j@l#y$z%x6x7q8c9z) for the enable command. 2020-11-29 9 CVE-2020-29378
MISC
westerndigital — my_cloud_os_5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths. 2020-12-01 7.5 CVE-2020-28971
MISC
CONFIRM
westerndigital — my_cloud_os_5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.) 2020-12-01 7.5 CVE-2020-28970
MISC
CONFIRM
westerndigital — my_cloud_os_5 On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device. 2020-12-01 7.5 CVE-2020-28940
MISC
CONFIRM
zeroshell — zeroshell Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. 2020-11-30 10 CVE-2020-29390
MISC
zte — zxv10_w908_firmware A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20. 2020-12-01 7.5 CVE-2020-6880
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
advancedsystemcare — advanced_systemcare There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD) 2020-12-03 4.9 CVE-2020-23738
MISC
MISC
MISC
advsys — pngout An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow. 2020-11-30 4.3 CVE-2020-29384
MISC
MISC
MISC
amoisoft — anyview In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView, attackers can use a constructed program to cause a computer crash (BSOD). 2020-12-03 4.9 CVE-2020-23741
MISC
MISC
MISC
antiy — antiy_zhijia_terminal_defense_system There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD). 2020-12-03 4.9 CVE-2020-23727
MISC
MISC
MISC
apache — httpclient Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. 2020-12-02 5 CVE-2020-13956
MISC
MLIST
MLIST
atlassian — jira Affected versions of Automation for Jira – Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15. 2020-11-30 5.5 CVE-2020-14193
N/A
atx — minicmts200a_firmware A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request. 2020-12-01 5 CVE-2020-28993
MISC
MISC
bitrix24 — bitrix_framework An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An “User enumeration and Improper Restriction of Excessive Authentication Attempts” vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group. 2020-12-02 4 CVE-2020-28206
MISC
br-automation — industrial_automation_aprol An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358. 2020-11-27 5 CVE-2019-19878
MISC
br-automation — industrial_automation_aprol An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357. 2020-11-27 5 CVE-2019-19877
MISC
br-automation — industrial_automation_aprol An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983. 2020-11-27 5 CVE-2019-19873
MISC
br-automation — industrial_automation_aprol An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface. 2020-11-27 5 CVE-2019-19869
MISC
canon — mf237w_firmware An issue was discovered on Canon MF237w 06.07 devices. An “Improper Handling of Length Parameter Inconsistency” issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information. 2020-11-30 5 CVE-2020-16849
MISC
CONFIRM
canto — canto The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF. 2020-11-30 5 CVE-2020-28977
MISC
MISC
MISC
MISC
MISC
canto — canto The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF. 2020-11-30 5 CVE-2020-28978
MISC
MISC
MISC
MISC
MISC
canto — canto The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF. 2020-11-30 5 CVE-2020-28976
MISC
MISC
MISC
MISC
MISC
clmg — clmg A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity. 2020-12-03 5.8 CVE-2020-25693
MISC
coremail_xt_project — coremail_xt jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter. 2020-11-27 4.3 CVE-2020-29133
MISC
cpanel — cpanel In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). 2020-11-27 4 CVE-2020-29136
MISC
MISC
cpanel — cpanel cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). 2020-11-27 4.3 CVE-2020-29137
MISC
MISC
ctolog — thinkadmin ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. 2020-12-01 4.3 CVE-2020-29315
MISC
dadajiasu — dada_accelerator There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD). 2020-12-03 4.9 CVE-2020-23736
MISC
MISC
MISC
desknets — neo Cross-site scripting vulnerability in desknet’s NEO (desknet’s NEO Small License V5.5 R1.5 and earlier, and desknet’s NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors. 2020-12-03 4.3 CVE-2020-5638
MISC
MISC
dlt-daemon_project — dlt-daemon A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon 2.8.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in a format argument). 2020-11-30 6.8 CVE-2020-29394
MISC
MISC
drivergenius — drivergenius In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges. 2020-12-03 4.6 CVE-2020-23740
MISC
MISC
MISC
MISC
ec-cube — ec-cube Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted. 2020-12-03 4.3 CVE-2020-5679
MISC
MISC
ec-cube — ec-cube Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector. 2020-12-03 5 CVE-2020-5680
MISC
MISC
eclipse — jetty In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request. 2020-11-28 4.3 CVE-2020-27218
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
elastic — kibana The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging console link damage. This flaw affects elasticsearch-operator-container versions before 4.7. 2020-12-02 5.8 CVE-2020-27816
MISC
hcltech — domino HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service. 2020-12-01 5 CVE-2020-4128
MISC
hcltech — hcl_domino HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later. 2020-12-01 5 CVE-2020-4129
MISC
hcltech — hcl_domino HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user’s system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later. 2020-11-30 4.3 CVE-2020-4127
MISC
hcltech — hcl_inotes HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later. 2020-12-01 4.3 CVE-2020-4126
MISC
hibernate — hibernate_orm A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. 2020-12-02 5.8 CVE-2020-25638
MISC
huawei — fusioncompute Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. 2020-12-01 6.5 CVE-2020-9116
MISC
huawei — nova_4_firmware HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution. 2020-12-01 4.6 CVE-2020-9117
MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789. 2020-11-30 4 CVE-2020-4696
XF
CONFIRM
ibm — cloud_pak_for_security IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362. 2020-11-30 4 CVE-2020-4626
XF
CONFIRM
ibm — cloud_pak_for_security IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information. 2020-11-30 5 CVE-2020-4624
XF
CONFIRM
ibm — cloud_pak_for_security IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. 2020-11-30 5 CVE-2020-4625
XF
CONFIRM
jenkins — shelve_project A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. 2020-12-03 5.8 CVE-2020-2321
MLIST
CONFIRM
lenovo — pcmanager A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. 2020-11-30 4.6 CVE-2020-8351
CONFIRM
libvncserver_project — libvncserver A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. 2020-11-27 5 CVE-2020-25708
MISC
libxls_project — libxls An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. 2020-12-02 6.8 CVE-2017-2910
MISC
linux — linux_kernel An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. 2020-11-28 6.9 CVE-2020-29368
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. 2020-11-28 6.9 CVE-2020-29369
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. 2020-11-28 4.7 CVE-2020-29372
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. 2020-11-28 4.4 CVE-2020-29370
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. 2020-11-28 6.9 CVE-2020-29374
MISC
MISC
MISC
lxml — lxml A XSS vulnerability was discovered in python-lxml’s clean module. The module’s parser didn’t properly imitate browsers, which caused different behaviors between the sanitizer and the user’s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. 2020-12-03 4.3 CVE-2020-27783
MISC
moddable — moddable Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). 2020-12-04 5 CVE-2020-25461
MISC
MISC
moddable — moddable Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger. 2020-12-04 5 CVE-2020-25464
MISC
moddable — moddable Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV). 2020-12-04 5 CVE-2020-25465
MISC
MISC
moddable — moddable Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV). 2020-12-04 5 CVE-2020-25463
MISC
MISC
myeventon — eventon The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. 2020-11-30 4.3 CVE-2020-29395
MISC
MISC
MISC
nlnetlabs — unbound An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound. 2020-11-27 5 CVE-2020-10772
MISC
nodejs — node.js Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x). 2020-12-03 6.4 CVE-2018-21270
MISC
MISC
MISC
online_voting_system_project — online_voting_system Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload. 2020-12-02 4.3 CVE-2020-29239
MISC
outsystems — outsystems An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files. 2020-11-30 6.4 CVE-2020-29441
MISC
papermerge — papermerge Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document’s filename. If email consumption is configured in Papermerge, a malicious document can be sent by email and is automatically uploaded into the Papermerge web application. Therefore, no authentication is required to exploit XSS if email consumption is configured. Otherwise authentication is required. 2020-12-02 4.3 CVE-2020-29456
MISC
MISC
MISC
pbootcms — pbootcms Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. 2020-11-30 4.3 CVE-2020-17901
MISC
phoenixcontact — btp_2043w_firmware Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service). 2020-12-02 5 CVE-2020-12524
CONFIRM
pimcore — pimcore Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. 2020-12-03 4 CVE-2020-26246
MISC
CONFIRM
pixar — openusd An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in SdfPath Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. 2020-12-02 4.3 CVE-2020-13498
MISC
pixar — openusd A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file. 2020-12-02 4.3 CVE-2020-13494
MISC
pixar — openusd An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. 2020-12-02 4.3 CVE-2020-13496
MISC
pixar — openusd An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. 2020-12-02 4.3 CVE-2020-13497
MISC
pixar — openusd An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. 2020-12-03 4.3 CVE-2020-13524
MISC
pixar — openusd A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. 2020-12-02 6.8 CVE-2020-13493
MISC
processmaker — processmaker The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2020-12-03 6.5 CVE-2020-13525
MISC
qemu — qemu hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. 2020-11-30 6.4 CVE-2020-25624
MISC
quickheal — total_security Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text. 2020-11-30 4.3 CVE-2020-27586
MISC
redhat — cloudforms This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth. 2020-12-02 6.8 CVE-2020-14369
MISC
sagemcom — f@st_3486_router_firmware Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running. 2020-11-27 5 CVE-2020-29138
MISC
saibo — cyber_game_accelerator In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges 2020-12-03 4.6 CVE-2020-23735
MISC
MISC
samba — samba A flaw was found in samba’s DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not. 2020-12-02 4 CVE-2020-14383
MISC
MISC
samba — samba A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. 2020-12-03 4 CVE-2020-14318
MISC
MISC
schedmd — slurm Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. 2020-11-27 6.8 CVE-2020-27745
MISC
schedmd — slurm Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. 2020-11-27 4.3 CVE-2020-27746
MISC
schneider-electric — ecostruxure_energy_expert A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level. 2020-12-01 6.5 CVE-2020-7547
MISC
schneider-electric — ecostruxure_energy_expert A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage. 2020-12-01 6.5 CVE-2020-7545
MISC
softwaremill — akka-http-session This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. 2020-11-27 6.8 CVE-2020-7780
MISC
MISC
MISC
MISC
MISC
MISC
textpattern — textpattern Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. 2020-12-02 6.8 CVE-2020-29458
MISC
trendmicro — apex_one An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information. 2020-12-01 5 CVE-2020-28576
MISC
MISC
MISC
trendmicro — apex_one An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server. 2020-12-01 5 CVE-2020-28573
MISC
MISC
MISC
trendmicro — apex_one An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names. 2020-12-01 5 CVE-2020-28577
MISC
MISC
MISC
trendmicro — apex_one An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents. 2020-12-01 5 CVE-2020-28582
MISC
MISC
MISC
trendmicro — apex_one An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information. 2020-12-01 5 CVE-2020-28583
MISC
MISC
MISC
trendmicro — serverprotect A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability. 2020-12-01 4.6 CVE-2020-28575
MISC
MISC
umbraco — umbraco_cms Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access. 2020-12-02 4 CVE-2020-29454
MISC
vsolcn — v1600d_firmware An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided. 2020-11-29 5 CVE-2020-29377
MISC
vsolcn — v1600d_firmware An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance. 2020-11-29 4.3 CVE-2020-29380
MISC
vsolcn — v1600d_firmware An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user. 2020-11-29 4 CVE-2020-29375
MISC
vsolcn — v1600d_firmware An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service. 2020-11-29 5 CVE-2020-29376
MISC
we-con — plc_editor WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution. 2020-12-01 6.8 CVE-2020-25177
MISC
we-con — plc_editor WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution. 2020-12-01 6.8 CVE-2020-25181
MISC
weseek — growi Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. 2020-12-03 4.3 CVE-2020-5677
MISC
MISC
MISC
weseek — growi Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. 2020-12-03 4.3 CVE-2020-5678
MISC
MISC
MISC
weseek — growi GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors. 2020-12-03 5 CVE-2020-5676
MISC
MISC
MISC
wisecleaner — wise_care_365 There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD). 2020-12-03 4.9 CVE-2020-23726
MISC
MISC
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — cordova We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally. 2020-12-01 2.1 CVE-2020-11990
JVN
MISC
audacityteam — audacity Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. 2020-11-30 2.1 CVE-2020-11867
MISC
MISC
cpanel — cpanel cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). 2020-11-27 3.5 CVE-2020-29135
MISC
MISC
cyberark — endpoint_privilege_manager CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. 2020-11-27 1.9 CVE-2020-25738
MISC
MISC
ericsson — bscs_ix_r18_billing_&_rating_admx In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins’ browsers by using the beef framework. 2020-11-27 3.5 CVE-2020-29144
MISC
ericsson — bscs_ix_r18_billing_&_rating_admx In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins’ browsers by using the beef framework. 2020-11-27 3.5 CVE-2020-29145
MISC
ibm — business_automation_workflow IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991. 2020-11-30 2.1 CVE-2020-4900
XF
CONFIRM
intelbras — tip200_firmware Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. 2020-11-27 3.5 CVE-2020-12262
MISC
MISC
lepton-cms — leptoncms Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered. 2020-12-02 3.5 CVE-2020-29240
MISC
MISC
linux — linux_kernel A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. 2020-12-02 1.9 CVE-2020-25656
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. 2020-11-28 2.1 CVE-2020-29373
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. 2020-11-28 2.1 CVE-2020-29371
MISC
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. 2020-11-28 1.9 CVE-2019-20934
MISC
MISC
MISC
lock_password_manager_safe_app_project — lock_password_manager_safe_app The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by the user. 2020-11-30 2.1 CVE-2020-29392
MISC
netartmedia — news_lister In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles. 2020-11-30 3.5 CVE-2020-29364
MISC
MISC
openclinic_project — openclinic OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users. 2020-12-03 3.5 CVE-2020-28938
MISC
qemu — qemu hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. 2020-12-04 2.1 CVE-2020-28916
CONFIRM
MISC
quickheal — total_security Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password. 2020-11-30 2.1 CVE-2020-27585
MISC
quickheal — total_security Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password. 2020-11-30 2.1 CVE-2020-27587
MISC
sap — adaptive_server_enterprise In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions – 15.7, 16.0. 2020-11-30 2.7 CVE-2020-6317
MISC
MISC
schneider-electric — ecostruxure_energy_expert A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage. 2020-12-01 3.5 CVE-2020-7546
MISC
solarwinds — help_desk Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name. 2020-12-01 3.5 CVE-2019-16958
MISC
MISC
synology — safeaccess Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. 2020-11-30 3.5 CVE-2020-27659
CONFIRM
tesla — model_x_firmware Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.) 2020-11-30 2.1 CVE-2020-29439
MISC
tesla — model_x_firmware Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob. 2020-11-30 2.1 CVE-2020-29440
MISC
tesla — model_x_firmware Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip. 2020-11-30 3.3 CVE-2020-29438
MISC
vsolcn — v1600d4l_firmware An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access. 2020-11-29 2.1 CVE-2020-29379
MISC
vsolcn — v1600d4l_firmware An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images. 2020-11-29 2.1 CVE-2020-29383
MISC
vsolcn — v1600d_firmware An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images. 2020-11-29 2.1 CVE-2020-29382
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alfredo_milani_comparetti — speedfan
 
There is a local privilege escalation vulnerabiliy in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges 2020-12-03 not yet calculated CVE-2020-28175
MISC
MISC
MISC
allen-bradley — micrologix_1100_progammable_logic_controller_systems_series
 
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. 2020-12-03 not yet calculated CVE-2020-6111
MISC
apache — tomcat
 
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. 2020-12-03 not yet calculated CVE-2020-17527
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
MLIST
MLIST
appimage — appimaged
 
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it. 2020-12-02 not yet calculated CVE-2020-25266
MISC
appimage — libappimage
 
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components. 2020-12-02 not yet calculated CVE-2020-25265
MISC
arachnys — cabot
 
Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column. 2020-12-04 not yet calculated CVE-2020-25449
MISC
MISC
MISC
MISC
check_point — endpoint_security_client
 
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges. 2020-12-03 not yet calculated CVE-2020-6021
MISC
cisco — ibevm
 
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability. 2020-12-02 not yet calculated CVE-2017-14451
MISC
fasterxml — jackson-databind A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. 2020-12-03 not yet calculated CVE-2020-25649
MISC
MISC
MLIST
gni_c_library — glibc
 
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. 2020-12-04 not yet calculated CVE-2020-29562
MISC
gorilla — websocket
 
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. 2020-12-02 not yet calculated CVE-2020-27813
MISC
MISC
hashicorp — go-slug
 
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks. 2020-12-03 not yet calculated CVE-2020-29529
MISC
MISC
imagemagik — imagemagik A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 2020-12-04 not yet calculated CVE-2020-27776
MISC
imagemagik — imagemagik A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 2020-12-04 not yet calculated CVE-2020-27775
MISC
imagemagik — imagemagik A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 2020-12-04 not yet calculated CVE-2020-27767
MISC
imagemagik — imagemagik
 
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69. 2020-12-04 not yet calculated CVE-2020-27766
MISC
imagemagik — imagemagik
 
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 2020-12-04 not yet calculated CVE-2020-27765
MISC
imagemagik — imagemagik
 
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. 2020-12-03 not yet calculated CVE-2020-27764
MISC
MISC
imagemagik — imagemagik
 
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 2020-12-04 not yet calculated CVE-2020-27772
MISC
imagemagik — imagemagik
 
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0. 2020-12-04 not yet calculated CVE-2020-27771
MISC
imagemagik — imagemagik
 
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 2020-12-04 not yet calculated CVE-2020-27773
MISC
imagemagik — imagemagik
 
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. 2020-12-03 not yet calculated CVE-2020-27763
MISC
imagemagik — imagemagik
 
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. 2020-12-03 not yet calculated CVE-2020-27759
MISC
imagemagik — imagemagik
 
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it’s possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. 2020-12-03 not yet calculated CVE-2020-27760
MISC
imagemagik — imagemagik
 
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0. 2020-12-03 not yet calculated CVE-2020-27761
MISC
imagemagik — imagemagik
 
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. 2020-12-03 not yet calculated CVE-2020-27762
MISC
imagemagik — imagemagik
 
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. 2020-12-04 not yet calculated CVE-2020-27770
MISC

imagemagik — imagemagik

 

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 2020-12-04 not yet calculated CVE-2020-27774
MISC
infinispan — infinispan A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. 2020-12-03 not yet calculated CVE-2020-25711
MISC
jenkins — jenkins
 
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. 2020-12-03 not yet calculated CVE-2020-2323
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. 2020-12-03 not yet calculated CVE-2020-2322
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2020-12-03 not yet calculated CVE-2020-2324
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. 2020-12-03 not yet calculated CVE-2020-2320
MLIST
CONFIRM
jupyterhub — oauthenticator
 
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set. If this is the only mechanism of authorization restriction (i.e. no group or team restrictions in configuration) then all authenticated users will be allowed. Provider-based restrictions, including deprecated values such as `GitHubOAuthenticator.org_whitelist` are **not** affected. All users of OAuthenticator 0.12.0 and 0.12.1 with JupyterHub 1.2 (JupyterHub Helm chart 0.10.0-0.10.5) who use the `admin.whitelist.users` configuration in the jupyterhub helm chart or the `c.Authenticator.whitelist` configuration directly. Users of other deprecated configuration, e.g. `c.GitHubOAuthenticator.team_whitelist` are **not** affected. If you see a log line like this and expect a specific list of allowed usernames: “[I 2020-11-27 16:51:54.528 JupyterHub app:1717] Not using allowed_users. Any authenticated user will be allowed.” you are likely affected. Updating oauthenticator to 0.12.2 is recommended. A workaround is to replace the deprecated `c.Authenticator.whitelist = …` with `c.Authenticator.allowed_users = …`. If any users have been authorized during this time who should not have been, they must be deleted via the API or admin interface, per the referenced documentation. 2020-12-01 not yet calculated CVE-2020-26250
MISC
MISC
CONFIRM
MISC
kaspersky — anti-ransomware_tool
 
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process. 2020-12-04 not yet calculated CVE-2020-28950
MISC
kia_motors — head_unit
 
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle. 2020-12-01 not yet calculated CVE-2020-8539
MISC
MISC
lightbend — play_framework
 
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON. 2020-12-03 not yet calculated CVE-2020-28923
MISC
CONFIRM
linux — linux_kernel
 
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2020-12-03 not yet calculated CVE-2020-14381
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94. 2020-12-03 not yet calculated CVE-2020-29534
MISC
MISC
MISC
linux — linux_kernel
 
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-12-03 not yet calculated CVE-2020-14351
MISC
linux — linux_kernel
 
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. 2020-12-02 not yet calculated CVE-2020-25704
MISC
MISC
MISC
logicaldoc — logicaldoc
 
A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges. 2020-12-03 not yet calculated CVE-2020-13542
MISC
mcafee — total_protection
 
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window. 2020-12-01 not yet calculated CVE-2020-7335
CONFIRM
MISC
mitsubishi_electric_corporation — multiple_products
 
Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD all versions and GS2107-WTBD all versions), and Tension Controller LE7-40GU-L all versions allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur. 2020-12-04 not yet calculated CVE-2020-5675
MISC
MISC
MISC
netscout — airmagnet_enterprise
 
NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise. 2020-12-03 not yet calculated CVE-2020-28251
MISC
CONFIRM
openclinic — openclinic
 
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient’s medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI. 2020-12-03 not yet calculated CVE-2020-28937
MISC
openclinic — openclinic
 
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server. 2020-12-03 not yet calculated CVE-2020-28939
MISC
opensis — community_edition
 
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users. 2020-12-04 not yet calculated CVE-2020-27408
MISC
MISC
opensis — community_edition
 
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. 2020-12-04 not yet calculated CVE-2020-27409
MISC
MISC
MISC
openstack — horizon
 
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the “next” parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL. 2020-12-04 not yet calculated CVE-2020-29565
MISC
MISC
MISC
pixar — openusd
 
A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. 2020-12-03 not yet calculated CVE-2020-13531
MISC
poppler — poppler
 
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the ‘pdftohtml’ program, would crash the application causing a denial of service. 2020-12-03 not yet calculated CVE-2020-27778
MISC
prestashop — prestashop
 
In the PrestaShop module “productcomments” before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module. 2020-12-03 not yet calculated CVE-2020-26248
MISC
MISC
CONFIRM
MISC
python — openid_connect
 
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1. 2020-12-02 not yet calculated CVE-2020-26244
MISC
MISC
CONFIRM
MISC
qemu — qemu
 
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. 2020-12-02 not yet calculated CVE-2020-25723
MISC
qemu — qemu
 
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2020-12-03 not yet calculated CVE-2020-14339
MISC
rumkin — keyget
 
Prototype pollution vulnerability in ‘keyget’ versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. 2020-12-02 not yet calculated CVE-2020-28272
MISC
CONFIRM
rumkin — set-in
 
Prototype pollution vulnerability in ‘set-in’ versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution. 2020-12-02 not yet calculated CVE-2020-28273
MISC
MISC
MISC
schneider_electric — multiple_products
 
A CWE-330 – Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login. 2020-12-01 not yet calculated CVE-2020-7548
MISC
schneider_electric — multiple_products
 
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. 2020-12-01 not yet calculated CVE-2020-7533
MISC
sonicboom — sonicboom
 
An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a reservation in the case where a load translates successfully but still generates an exception. 2020-12-04 not yet calculated CVE-2020-29561
MISC
trac_software — webkitgtk
 
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. 2020-12-03 not yet calculated CVE-2020-13584
FEDORA
MISC
trac_software — webkitgtk
 
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. 2020-12-03 not yet calculated CVE-2020-13543
MISC
ubuntu — containerd
 
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the “host” network namespace, for example with docker run –net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container’s privilege, regardless of what container runtime is used for running that container. 2020-12-01 not yet calculated CVE-2020-15257
MISC
MISC
CONFIRM
ubuntu — pulseaudio
 
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15. 2020-12-04 not yet calculated CVE-2020-16123
UBUNTU
UBUNTU
ubuntu — snapcraft
 
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1. 2020-12-04 not yet calculated CVE-2020-27348
MISC
MISC
MISC
ubuntu — ubuntu
 
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn’t check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92. 2020-12-02 not yet calculated CVE-2012-0955
UBUNTU
UBUNTU
valve — game_networking_sockets
 
Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. 2020-12-03 not yet calculated CVE-2020-6017
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Leave a Reply

Verified by MonsterInsights