Vulnerability Summary for the Week of May 25, 2020
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adminpanel -- adminplanel | Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter. | 2020-05-24 | 7.5 | CVE-2020-13433 MISC MISC
apache -- kylin | Kylin has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation. | 2020-05-22 | 9 | CVE-2020-1956 MISC
aviatrix -- vpn_client | An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. | 2020-05-22 | 7.5 | CVE-2020-13417 MISC
bosch -- recording_station | Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. | 2020-05-27 | 7.2 | CVE-2020-6774 MISC
cisco -- prime_network_registrar | A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. | 2020-05-22 | 7.8 | CVE-2020-3272 CISCO
cisco -- unified_contact_center_express | A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device. | 2020-05-22 | 10 | CVE-2020-3280 CISCO
cybozu -- cybozu_desktop_for_windows | Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. | 2020-05-25 | 7.5 | CVE-2020-5537 JVN MISC MISC
dext5 -- dext5_upload | A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/. | 2020-05-25 | 7.5 | CVE-2020-13442 MISC
dns-sync -- dns-sync | node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1. | 2020-05-28 | 7.5 | CVE-2020-11079 MISC CONFIRM
kaoni -- ezhttptrans | Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | 2020-05-22 | 7.5 | CVE-2020-7813 MISC MISC
kaoni -- ezhttptrans | Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC. | 2020-05-28 | 7.5 | CVE-2020-7812 MISC MISC
lenovo -- lj4010dn_devices | A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted. | 2020-05-28 | 7.8 | CVE-2020-8330 CONFIRM
lenovo -- lj4010dn_devices | A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted. | 2020-05-28 | 7.8 | CVE-2020-8329 CONFIRM
mozilla -- firefox | Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. | 2020-05-26 | 7.5 | CVE-2020-12390 MISC MISC
mozilla -- firefox | Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76. | 2020-05-26 | 7.5 | CVE-2020-12396 MISC MISC
mozilla -- firefox_and_firefox_esr | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. | 2020-05-26 | 7.5 | CVE-2020-12389 MISC MISC MISC
mozilla -- firefox_and_firefox_esr | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. | 2020-05-26 | 7.5 | CVE-2020-12388 MISC MISC MISC MISC
mozilla -- firefox_and_firefox_esr_and_thunderbird | Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | 2020-05-26 | 10 | CVE-2020-12395 MISC MISC MISC MISC
mozilla -- firefox_and_firefox_esr_and_thunderbird | A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | 2020-05-26 | 7.5 | CVE-2020-6831 MISC MISC MISC MISC
python -- python | An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. | 2020-05-22 | 7.5 | CVE-2020-13388 MISC MISC CONFIRM
sqlite -- sqlite | ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | 2020-05-27 | 7.5 | CVE-2020-13630 MISC MISC
sympa -- sympa | Sympa before 6.2.56 allows privilege escalation. | 2020-05-27 | 7.2 | CVE-2020-10936 MISC MISC MISC
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13392 MISC MISC
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13394 MISC MISC
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13393 MISC MISC
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13391 MISC MISC
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13390 MISC MISC
tenda -- multiple_routers | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. | 2020-05-22 | 7.5 | CVE-2020-13389 MISC MISC
trend_micro -- interscan_web_security_virtual_appliance | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. | 2020-05-27 | 7.5 | CVE-2020-8606 MISC MISC
ubiquiti -- airmax_xm_and_xw_and_ti_series_devices | We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page. | 2020-05-26 | 7.5 | CVE-2020-8171 MISC MISC MISC
vim -- vim | In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | 2020-05-28 | 10 | CVE-2019-20807 MISC MISC
wordpress -- wordpress | An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. | 2020-05-29 | 7.5 | CVE-2020-13693 MISC MISC MISC
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
aviatrix -- controller | An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping. | 2020-05-22 | 5 | CVE-2020-13415 MISC
aviatrix -- controller | An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. | 2020-05-22 | 6.8 | CVE-2020-13412 MISC
aviatrix -- controller | An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | 2020-05-22 | 5 | CVE-2020-13414 MISC
aviatrix -- controller | An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force. | 2020-05-22 | 5 | CVE-2020-13413 MISC
aviatrix -- controller | An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets. | 2020-05-22 | 4.3 | CVE-2020-13416 MISC
axel -- axel | An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. | 2020-05-26 | 4.3 | CVE-2020-13614 MISC MISC
centreon -- centreon | Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | 2020-05-27 | 4.3 | CVE-2020-10946 MISC
centreon -- centreon | Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | 2020-05-27 | 4.3 | CVE-2020-13628 MISC
centreon -- centreon | Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | 2020-05-27 | 4.3 | CVE-2020-13627 MISC
cisco -- amp_for_endpoints_mac_connector | A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash, resulting in missed detection and logging of the potentially malicious file. Continued attempts to scan the file could result in a DoS condition of the Cisco AMP for Endpoints service. | 2020-05-22 | 5.8 | CVE-2020-3314 CISCO
cisco -- prime_collaboration_provisioning_software | A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete. | 2020-05-22 | 6.5 | CVE-2020-3184 CISCO
drupal -- drupal | An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. | 2020-05-28 | 6.8 | CVE-2019-6342 CONFIRM
em-http_request -- em-http-request | EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. | 2020-05-25 | 6.8 | CVE-2020-13482 MISC
epson -- eb-1470ui_devices | An exploitable authentication bypass vulnerability exists in the EPSON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability. | 2020-05-22 | 6.4 | CVE-2020-6091 MISC
ffipeg -- ffipeg | ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c. | 2020-05-24 | 4.3 | CVE-2020-13439 MISC
ffipeg -- ffipeg | ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c. | 2020-05-24 | 4.3 | CVE-2020-13438 MISC
ffipeg -- ffipeg | ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. | 2020-05-24 | 4.3 | CVE-2020-13440 MISC
fork -- fork_cms | Fork before 5.8.3 allows XSS via navigation_title or title. | 2020-05-27 | 4.3 | CVE-2020-13633 MISC
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. | 2020-05-29 | 4 | CVE-2020-11018 CONFIRM
freerdp -- freerdp | In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. | 2020-05-29 | 5 | CVE-2020-11017 CONFIRM
gnome -- glib-networking | In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. | 2020-05-28 | 6.4 | CVE-2020-13645 MISC MISC
grafana_labs -- grafana | Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | 2020-05-24 | 4.3 | CVE-2020-13430 MISC MISC CONFIRM
ibm -- business_automation_workflow | IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 181989 | 2020-05-29 | 5.8 | CVE-2020-4490 XF CONFIRM
ibm -- mobilefirst_platform_foundation | IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207. | 2020-05-27 | 5 | CVE-2020-4226 XF CONFIRM
ibm -- mq_for_hpe_nonstop | IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427. | 2020-05-29 | 4.4 | CVE-2020-4352 XF CONFIRM
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the system due to incorrect authorization. IBM X-Force ID: 175485. | 2020-05-28 | 4 | CVE-2020-4249 XF CONFIRM
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484. | 2020-05-28 | 4 | CVE-2020-4248 XF CONFIRM
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335. | 2020-05-28 | 4 | CVE-2020-4231 XF CONFIRM
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 175360. | 2020-05-28 | 5 | CVE-2020-4233 XF CONFIRM
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422. | 2020-05-28 | 5 | CVE-2020-4244 XF CONFIRM
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423. | 2020-05-28 | 5 | CVE-2020-4245 XF CONFIRM
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336. | 2020-05-28 | 5 | CVE-2020-4232 XF CONFIRM
ibm -- security_identity_governance_and_intelligence | IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 175481. | 2020-05-28 | 5.5 | CVE-2020-4246 XF CONFIRM
ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424. | 2020-05-27 | 5 | CVE-2020-4350 XF CONFIRM
ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crafted HTTP POST command. IBM X-Force ID: 179157. | 2020-05-27 | 4 | CVE-2020-4378 XF CONFIRM
ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423. | 2020-05-27 | 5 | CVE-2020-4349 XF CONFIRM
ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761. | 2020-05-27 | 4 | CVE-2020-4357 XF CONFIRM
ibm -- spectrum_scale | IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414 | 2020-05-27 | 4 | CVE-2020-4348 XF CONFIRM
ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158. | 2020-05-27 | 5 | CVE-2020-4379 XF CONFIRM
jerryscript -- jerryscript | JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. | 2020-05-27 | 5 | CVE-2020-13623 MISC
jerryscript -- jerryscript | parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure. | 2020-05-28 | 5 | CVE-2020-13649 MISC MISC MISC
jerryscript -- jerryscript | JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data. | 2020-05-27 | 5 | CVE-2020-13622 MISC MISC
joomla! -- joomla! | The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure. | 2020-05-23 | 4 | CVE-2020-13424 MISC
kaminari -- kaminari | In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1. | 2020-05-28 | 4.3 | CVE-2020-11082 MISC MISC CONFIRM
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75. | 2020-05-27 | 5 | CVE-2019-20806 MISC MISC MISC
linux -- linux_kernel | A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. | 2020-05-22 | 5 | CVE-2020-10711 CONFIRM CONFIRM
meinheld -- meinheld | meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. | 2020-05-22 | 4.3 | CVE-2020-7658 MISC MISC
monstra -- monstra_cms
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.
Published: 2020-05-22 | CVSS Score: 6.5 | Source & Patch Info: CVE-2020-13384 MISC
mozilla -- firefox
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76.
Published: 2020-05-26 | CVSS Score: 5 | Source & Patch Info: CVE-2020-12391 MISC MISC
mozilla -- firefox_and_firefox_esr_and_thunderbird
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Published: 2020-05-26 | CVSS Score: 6.8 | Source & Patch Info: CVE-2020-12387 MISC MISC MISC MISC
mozilla -- firefox_and_firefox_esr_and_thunderbird
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Published: 2020-05-26 | CVSS Score: 4.6 | Source & Patch Info: CVE-2020-12393 MISC MISC MISC MISC
mozilla -- firefox_for_ios
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25.
Published: 2020-05-26 | CVSS Score: 5 | Source & Patch Info: CVE-2020-6830 MISC MISC
mozilla -- thunderbird
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.
Published: 2020-05-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-12397 MISC MISC
netgear -- multiple_devices
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
Published: 2020-05-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-13245 MISC MISC
netqmail -- netqmail
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.
Published: 2020-05-26 | CVSS Score: 5 | Source & Patch Info: CVE-2020-3811 CONFIRM MISC CONFIRM
pi-hole -- pi-hole
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
Published: 2020-05-29 | CVSS Score: 6.5 | Source & Patch Info: CVE-2020-8816 CONFIRM MISC
pichi -- pichi
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
Published: 2020-05-26 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-13616 MISC MISC
pixel_&_tonic -- craft_cms
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
Published: 2020-05-25 | CVSS Score: 5.8 | Source & Patch Info: CVE-2020-13486 MISC
pixel_&_tonic -- craft_cms
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
Published: 2020-05-25 | CVSS Score: 6.4 | Source & Patch Info: CVE-2020-13485 MISC MISC
pixel_&_tonic -- craft_cms
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
Published: 2020-05-25 | CVSS Score: 6.8 | Source & Patch Info: CVE-2020-13458 MISC
protocol_labs -- aegir
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
Published: 2020-05-27 | CVSS Score: 5 | Source & Patch Info: CVE-2020-11059 CONFIRM
puma_gem_for_ruby_on_rails -- puma_gem_for_ruby_on_rails
In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.
Published: 2020-05-22 | CVSS Score: 5 | Source & Patch Info: CVE-2020-11077 MISC CONFIRM
puma_gem_for_ruby_on_rails -- puma_gem_for_ruby_on_rails
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
Published: 2020-05-22 | CVSS Score: 5 | Source & Patch Info: CVE-2020-11076 MISC MISC CONFIRM
qore -- qore
lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates.
Published: 2020-05-26 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-13615 MISC MISC
red_hat -- undertow
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
Published: 2020-05-26 | CVSS Score: 6.4 | Source & Patch Info: CVE-2020-10719 CONFIRM
sqlite -- sqlite
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
Published: 2020-05-24 | CVSS Score: 5 | Source & Patch Info: CVE-2020-13435 CONFIRM MISC
sqlite -- sqlite
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Published: 2020-05-24 | CVSS Score: 5 | Source & Patch Info: CVE-2020-13434 MLIST CONFIRM MISC MISC
sqlite -- sqlite
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Published: 2020-05-27 | CVSS Score: 5 | Source & Patch Info: CVE-2020-13631 MISC MISC
sqlite -- sqlite
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
Published: 2020-05-27 | CVSS Score: 5 | Source & Patch Info: CVE-2020-13632 MISC MISC
teradici -- pcoip_standard_agent_for_windows_and_pcoip_graphics_agent_for_windows
Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.
Published: 2020-05-28 | CVSS Score: 4.6 | Source & Patch Info: CVE-2020-13173 CONFIRM
trackr -- multiple_devices
TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.
Published: 2020-05-23 | CVSS Score: 6.8 | Source & Patch Info: CVE-2020-13425 MISC
trend_micro -- interscan_web_security_virtual_appliance
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.
Published: 2020-05-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2020-8605 MISC MISC
trend_micro -- interscan_web_security_virtual_appliance
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive information on affected installations.
Published: 2020-05-27 | CVSS Score: 5 | Source & Patch Info: CVE-2020-8604 MISC MISC
trend_micro -- interscan_web_security_virtual_appliance
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Published: 2020-05-27 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-8603 MISC MISC
ubiquiti -- airmax_xm_and_xw_and_ti_series_devices
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user's session information and/or account takeover of the admin user. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page.
Published: 2020-05-26 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-8170 MISC MISC MISC
ubiquiti -- airmax_xm_and_xw_and_ti_series_devices
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page.
Published: 2020-05-26 | CVSS Score: 6.8 | Source & Patch Info: CVE-2020-8168 MISC MISC MISC MISC MISC
wordpress -- wordpress
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser.
Published: 2020-05-28 | CVSS Score: 6.8 | Source & Patch Info: CVE-2020-13642 MISC MISC
wordpress -- wordpress
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser.
Published: 2020-05-28 | CVSS Score: 6.8 | Source & Patch Info: CVE-2020-13643 MISC MISC
wordpress -- wordpress
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allowing for that to be executed later in the victim's browser.
Published: 2020-05-28 | CVSS Score: 6.8 | Source & Patch Info: CVE-2020-13641 MISC MISC
wordpress -- wordpress
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077.
Published: 2020-05-29 | CVSS Score: 6.5 | Source & Patch Info: CVE-2020-12675 MISC MISC
youhua -- windows_master
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xF1002558.
Published: 2020-05-29 | CVSS Score: 6.1 | Source & Patch Info: CVE-2020-13634 MISC MISC
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
centreon -- centreon
Centreon before 19.10.7 exposes Session IDs in server responses.
Published: 2020-05-27 | CVSS Score: 3.3 | Source & Patch Info: CVE-2020-10945 MISC
cisco -- endpoints_linux_connector_software_and_endpoints_mac_connector_software
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart.
Published: 2020-05-22 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-3344 CISCO
cisco -- endpoints_linux_connector_software_and_endpoints_mac_connector_software
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart.
Published: 2020-05-22 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-3343 CISCO
cmsmadesimple -- cms_made_simple
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
Published: 2020-05-28 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-13660 MISC MISC
cybozu -- kinton_mobile_for_android
Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.
Published: 2020-05-29 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-5573 MISC MISC
cybozu -- mailwise_for_android
Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.
Published: 2020-05-29 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-5572 MISC MISC
dell -- client_consumer_and_commercial_docking_stations
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.
Published: 2020-05-28 | CVSS Score: 2.6 | Source & Patch Info: CVE-2020-5357 MISC
freerdp -- freerdp
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
Published: 2020-05-22 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-13396 MISC MISC MISC
freerdp -- freerdp
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
Published: 2020-05-22 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-13398 MISC MISC MISC
freerdp -- freerdp
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
Published: 2020-05-22 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-13397 MISC MISC MISC
grafana_labs -- grafana
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
Published: 2020-05-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-13429 MISC MISC
huawei -- p30_smartphones
HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user do certain operation which is beyond the guest user's privilege.
Published: 2020-05-29 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-1798 CONFIRM
ibm -- jazz_reporting_service
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180071.
Published: 2020-05-28 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-4419 XF CONFIRM
ibm -- planning_analytics_local
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735.
Published: 2020-05-29 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-4306 XF CONFIRM
ibm -- spectrum_scale
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762.
Published: 2020-05-27 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-4358 XF CONFIRM
mozilla -- firefox
A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76.
Published: 2020-05-26 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-12394 MISC MISC
mozilla -- firefox_and_firefox_esr_and_thunderbird
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Published: 2020-05-26 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-12392 MISC MISC MISC MISC
netqmail -- netqmail
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.
Published: 2020-05-26 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-3812 CONFIRM MISC CONFIRM
ocproducts -- composr
Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration.
Published: 2020-05-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-8789 MISC FULLDISC
pixel_&_tonic -- craft_cms
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
Published: 2020-05-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-13459 MISC
qemu -- qemu
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
Published: 2020-05-27 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-13253 CONFIRM CONFIRM MISC
qemu -- qemu
In QEMU 4.2.0, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
Published: 2020-05-28 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-13361 CONFIRM MISC
qemu -- qemu
In QEMU 4.2.0, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
Published: 2020-05-28 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-13362 CONFIRM MISC MISC
wordpress -- wordpress
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
Published: 2020-05-26 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-13487 MISC MISC MISC MISC
wordpress -- wordpress
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion.
Published: 2020-05-28 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-13644 MISC MISC
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score
abb -- device_library_wizard
Insecure storage of sensitive information in ABB Device Library Wizard versions
6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that
contains confidential data
Published: 2020-05-29 | CVSS Score: not yet calculated
anchore -- engine
In Anchore Engine version 0.7.0, a specially crafted container image manifest,
fetched from a registry, can be used to trigger a shell escape flaw in the anchore
engine analyzer service during an image analysis process. The image analysis
operation can only be executed by an authenticated user via a valid API request to
anchore engine, or if an already added image that anchore is monitoring has its
manifest altered to exploit the same flaw. A successful attack can be used to execute
commands that run in the analyzer environment, with the same permissions as the
user that anchore engine is run as - including access to the credentials that Engine
uses to access its own database which have read-write ability, as well as access to
the running engine analyzer service environment. By default Anchore Engine is
released and deployed as a container where the user is non-root, but if users run
Engine directly or explicitly set the user to 'root' then that level of access may be
gained in the execution environment where Engine runs. This issue is fixed in
version 0.7.1.
Published: 2020-05-27 | CVSS Score: not yet calculated
freerdp -- freerdp
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions
(parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write,
printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been
fixed in 2.1.0.
Published: 2020-05-29 | CVSS Score: not yet calculated
freerdp -- freerdp
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in
ntlm_read_NegotiateMessage. This has been fixed in 2.1.0.
Published: 2020-05-29 | CVSS Score: not yet calculated
freerdp -- freerdp
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in
ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an
internal structure. This has been fixed in 2.1.0.
Published: 2020-05-29 | CVSS Score: not yet calculated
freerdp -- freerdp
In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list.
Clipboard format data read (by client or server) might read data out-of-bounds. This
has been fixed in 2.1.0.
Published: 2020-05-29 | CVSS Score: not yet calculated
freerdp -- freerdp
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in
rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on
screen (as colors). This has been patched in 2.1.0.
Published: 2020-05-29 | CVSS Score: not yet calculated
freerdp -- freerdp
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used
unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...).
The most likely outcome is a crash of the client instance followed by no or distorted
sound or a session disconnect. If a user cannot upgrade to the patched version, a
workaround is to disable sound for the session. This has been patched in 2.1.0.
Published: 2020-05-29 | CVSS Score: not yet calculated
freerdp -- freerdp
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from
memory in clear_decompress_subcode_rlex, visualized on screen as color. This has
been patched in 2.1.0.
Published: 2020-05-29 | CVSS Score: not yet calculated
freerdp -- freerdp
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB
redirection enabled (nearly) arbitrary memory can be read and written due to integer
overflows in length checks. This has been patched in 2.1.0.
Published: 2020-05-29 | CVSS Score: not yet calculated
freerdp -- freerdp
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow
exists. When using /video redirection, a manipulated server can instruct the client to
allocate a buffer with a smaller size than requested due to an integer overflow in
size calculation. With later messages, the server can manipulate the client to write
data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
Published: 2020-05-29 | CVSS Score: not yet calculated
freerdp -- freerdp
In FreeRDP less than or equal to 2.0.0, when running with logger set to
"WLOG_TRACE", a possible crash of application could occur due to a read of an
invalid array index. Data could be printed as string to local terminal. This has been
fixed in 2.1.0.
Published: 2020-05-29 | CVSS Score: not yet calculated
freerdp -- freerdp
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in
ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.
Published: 2020-05-29 | CVSS Score: not yet calculated
huawei -- cloudengine_12800_products
CloudEngine 12800 products with versions of V200R019C00,
V200R019C10SPC800, V200R019C00SPC600, V200R019C10; and CloudEngine
6800 products with versions of V200R019C00SPC800 have a denial of service
vulnerability. Due to improper memory management, memory leakage may occur in
some special cases. Attackers can perform a series of operations to exploit this
vulnerability. Successful exploit may cause a denial of service.
Published: 2020-05-29 | CVSS Score: not yet calculated
huawei -- e6878-370_products
E6878-370 products with versions of 10.0.3.1(H557SP27C233) and
10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. The program
copies an input buffer to an output buffer without verification. An attacker in the
adjacent network could send a crafted message, successful exploit could lead to
stack buffer overflow which may cause malicious code execution.
Published: 2020-05-29 | CVSS Score: not yet calculated
huawei -- honor_9x_smartphones
Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an
improper authentication vulnerability. A logic error occurs when handling clock
function, an attacker should do a series of crafted operations quickly before the
phone is unlocked, successful exploit could allow the attacker to access clock
information without unlock the phone.
Published: 2020-05-29 | CVSS Score: not yet calculated
huawei -- mate_10_smartphones
HUAWEI Mate 10 smartphones with versions earlier than
10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The
attacker could wake up voice assistant then do a series of crafted voice operation,
successful exploit could allow the attacker read certain files without unlock the
phone leading to information disclosure.
Published: 2020-05-29 | CVSS Score: not yet calculated
huawei -- mate_20_smartphones
HUAWEI Mate 20 smartphones with versions earlier than
10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The
digital balance function does not sufficiently restrict the using time of certain user,
successful exploit could allow the user break the limit of digital balance function
after a series of operations with a PC.
Published: 2020-05-29 | CVSS Score: not yet calculated
huawei -- mate_20_smartphones
HUAWEI Mate 20 smartphones with versions earlier than
10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system
does not properly restrict certain operation in ADB mode, successful exploit could
allow certain user break the limit of digital balance function.
Published: 2020-05-29 | CVSS Score: not yet calculated
kantech -- entrapass_editions
A vulnerability in all versions of Kantech EntraPass Editions could potentially
allow an authorized low-privileged user to gain full system-level privileges by
replacing critical files with specifically crafted files.
Published: 2020-05-26 | CVSS Score: not yet calculated
linux -- linux_kernel
A flaw was found in the Linux kernel's SELinux LSM hook implementation before
version 5.7, where it incorrectly assumed that an skb would only contain a single
netlink message. The hook would incorrectly only validate the first netlink message
in the skb and allow or deny the rest of the messages within the skb with the granted
permission without further processing.
Published: 2020-05-26 | CVSS Score: not yet calculated
micro_focus -- service_management_automation
There is an Incorrect Authorization vulnerability in Micro Focus Service
Management Automation (SMA) product affecting version 2018.05 to 2020.02. The
vulnerability could be exploited to provide unauthorized access to the Container
Deployment Foundation.
Published: 2020-05-29 | CVSS Score: not yet calculated
mulesoft -- mule_ce/ee
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x
released before April 7, 2020, could allow remote attackers to submit data which
can lead to resource exhaustion.
Published: 2020-05-29 | CVSS Score: not yet calculated
oddjob-mkhomedir -- oddjob-mkhomedir
A race condition was found in the mkhomedir tool shipped with the oddjob package
in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir
copies the /etc/skel directory into the newly created home and changes its ownership
to the home's user without properly checking the homedir path. This flaw allows an
attacker to leverage this issue by creating a symlink point to a target folder, which
then has its ownership transferred to the new home directory's unprivileged user.
Published: 2020-05-27 | CVSS Score: not yet calculated
smartdraw -- smartdraw_2020
In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the
Authenticated Users group on the SmartDraw 2020 installation folder. Additionally,
when the product is installed, two scheduled tasks are created on the machine,
SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the
context of the user who installed the product. Both scheduled tasks attempt to run
the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages
doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the
weak folder permissions, these can be created by any user. A malicious actor can
therefore create a malicious SDNotify.exe binary, and have it automatically run,
whenever the user who installed the product logs on to the machine. The malicious
SDNotify.exe could, for example, create a new local administrator account on the
machine.
2020-05-27
not yet calculated
swarcos -- cpu_ls4000_series_devices
An open port used for debugging in SWARCO's CPU LS4000 Series with versions
starting with G4... grants root access to the device without access control via
network. A malicious user could use this vulnerability to get access to the device
and disturb operations with connected devices.
2020-05-29
not yet calculated
snyk-broker -- snyk-broker
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It
allows arbitrary file reads for users with access to Snyk's internal network by
creating symlinks to match whitelisted paths.
2020-05-29
not yet calculated
snyk-broker -- snyk-broker
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It
logs private keys if logging level is set to DEBUG.
2020-05-29
not yet calculated
snyk-broker -- snyk-broker
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It
allows partial file reads for users who have access to Snyk's internal network via
patch history from GitHub Commits API.
2020-05-29
not yet calculated
snyk-broker -- snyk-broker
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It
allows arbitrary file reads for users with access to Snyk's internal network via
directory traversal.
2020-05-29
not yet calculated
snyk-broker -- snyk-broker
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable
to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's
internal network of any files ending in the following extensions: yaml, yml or json.
2020-05-29
not yet calculated
snyk-broker -- snyk-broker
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It
allows arbitrary file reads for users who have access to Snyk's internal network by
appending the URL with a fragment identifier and a whitelisted path e.g.
`#package.json`
2020-05-29
not yet calculated
vivotek -- network_cameras
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before
XXXXX-VVTK-0XXXX_Beta2) allow an authenticated user to upload and
execute a script (with resultant execution of OS commands). For example, this
affects IT9388-HT devices.
2020-05-28
not yet calculated
vivotek -- network_cameras
testserver.cgi of the web service on VIVOTEK Network Cameras before
XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an
authenticated user to obtain arbitrary files from a camera's local filesystem. For
example, this affects IT9388-HT devices.
2020-05-28
not yet calculated
vmware -- multiple_products
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and
prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege
escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in
the service opener. Successful exploitation of this issue may allow attackers with
normal user privileges to escalate their privileges to root on the system where
Fusion, VMRC and Horizon Client are installed.
2020-05-29
not yet calculated
vmware -- multiple_products
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before
ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion
(11.x before 11.5.2) contain a denial-of-service vulnerability in the shader
functionality. Successful exploitation of this issue may allow attackers with
non-administrative access to a virtual machine to crash the virtual machine's vmx
process leading to a denial of service condition.
2020-05-29
not yet calculated
vmware -- multiple_products
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before
ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion
(11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A
malicious actor with local non-administrative access to a virtual machine may be
able to crash the virtual machine's vmx process leading to a partial denial of service.
2020-05-29
not yet calculated