airleader — master_and_easy_devices
|
Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service. |
2020-11-16 |
not yet calculated |
CVE-2020-26509
MISC |
airleader — master_devices
|
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. |
2020-11-16 |
not yet calculated |
CVE-2020-26510
MISC |
amazon — amazon_web_services_encryption_sdk |
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and JavaScript prior to version 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique ciphertext which will decrypt to multiple different results. This becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later. |
2020-11-16 |
not yet calculated |
CVE-2020-8897
CONFIRM
CONFIRM |
anuko — time_tracker
|
Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a denial-of-service attack on any legitimate user’s mailbox. |
2020-11-16 |
not yet calculated |
CVE-2020-27423
MISC |
anuko — time_tracker
|
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn’t expire once used, allowing an attacker to use the same link to take over the account. |
2020-11-16 |
not yet calculated |
CVE-2020-27422
MISC
MISC |
apache — libapreq2
|
A flaw in the libapreq2 v2.07 to v2.13 multipart parser can dereference a null pointer, leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. |
2020-11-19 |
not yet calculated |
CVE-2019-12412
MISC
MISC |
apache — openoffice
|
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target user's file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click. |
2020-11-17 |
not yet calculated |
CVE-2020-13958
MISC |
archive_tar — archive_tar |
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. |
2020-11-19 |
not yet calculated |
CVE-2020-28949
MISC |
archive_tar — archive_tar
|
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. |
2020-11-19 |
not yet calculated |
CVE-2020-28948
MISC |
artworks_gallery — artworks_gallery
|
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. |
2020-11-17 |
not yet calculated |
CVE-2020-28688
MISC
MISC |
artworks_gallery — artworks_gallery
|
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. |
2020-11-17 |
not yet calculated |
CVE-2020-28687
MISC
MISC |
avaya — weblm
|
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. |
2020-11-13 |
not yet calculated |
CVE-2020-7032
MISC
FULLDISC
CONFIRM |
aviatrix — cloud_controller
|
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. |
2020-11-17 |
not yet calculated |
CVE-2020-26550
MISC |
aviatrix — cloud_controller
|
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. |
2020-11-17 |
not yet calculated |
CVE-2020-26548
MISC |
aviatrix — cloud_controller
|
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. |
2020-11-17 |
not yet calculated |
CVE-2020-26549
MISC |
aviatrix — cloud_controller
|
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. |
2020-11-17 |
not yet calculated |
CVE-2020-26551
MISC |
aviatrix — cloud_controller
|
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. |
2020-11-17 |
not yet calculated |
CVE-2020-26552
MISC |
aviatrix — cloud_controller
|
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. |
2020-11-17 |
not yet calculated |
CVE-2020-26553
MISC |
avid_cloud_solutions — cloudavid_pparam
|
Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. |
2020-11-16 |
not yet calculated |
CVE-2020-28723
MISC
MISC |
avideo — avideo
|
There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server, which could leak database credentials or other sensitive information such as the /etc/passwd file. |
2020-11-16 |
not yet calculated |
CVE-2020-23490
MISC
MISC |
avideo — avideo
|
The import.json.php file before 8.9 for AVideo is vulnerable to a file deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin. |
2020-11-16 |
not yet calculated |
CVE-2020-23489
MISC
MISC |
basetech — ge-131-1837836_firmware
|
A directory traversal vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to gain access to sensitive information. |
2020-11-17 |
not yet calculated |
CVE-2020-27553
MISC |
basetech — ge-131-1837836_firmware
|
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. |
2020-11-17 |
not yet calculated |
CVE-2020-27555
MISC |
basetech — ge-131-1837836_firmware
|
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. |
2020-11-17 |
not yet calculated |
CVE-2020-27558
MISC |
basetech — ge-131-1837836_firmware
|
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials. |
2020-11-17 |
not yet calculated |
CVE-2020-27557
MISC |
basetech — ge-131-1837836_firmware
|
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. |
2020-11-17 |
not yet calculated |
CVE-2020-27554
MISC |
basetech — ge-131-1837836_firmware
|
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device. |
2020-11-17 |
not yet calculated |
CVE-2020-27556
MISC |
beckhoff_automation — twincat
|
The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist, it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added. |
2020-11-19 |
not yet calculated |
CVE-2020-12510
CONFIRM |
beijing_liangjing_zhicheng_technology — ltd_ljcmsshop
|
A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address. |
2020-11-18 |
not yet calculated |
CVE-2020-22723
MISC
MISC |
bernd_bestel — grocy
|
Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe. |
2020-11-18 |
not yet calculated |
CVE-2020-25454
MISC |
big-ip — big-ip_platforms
|
In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE). |
2020-11-19 |
not yet calculated |
CVE-2020-5947
CONFIRM |
bigbluebutton — bigbluebutton
|
In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. |
2020-11-19 |
not yet calculated |
CVE-2020-28953
MISC
MISC |
bigbluebutton — bigbluebutton
|
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. |
2020-11-19 |
not yet calculated |
CVE-2020-28954
MISC
MISC
MISC
MISC |
binarynights — forklift
|
BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift’s helper tool. |
2020-11-17 |
not yet calculated |
CVE-2020-27192
MISC |
binarynights — forklift
|
BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions. |
2020-11-17 |
not yet calculated |
CVE-2020-15349
CONFIRM
MISC |
canon — oce_colorwave_3500_devices
|
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. |
2020-11-16 |
not yet calculated |
CVE-2020-26508
MISC |
canonical — ubuntu_pulseaudio
|
Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. |
2020-11-19 |
not yet calculated |
CVE-2020-15710
UBUNTU
UBUNTU |
cisco — asyncos
|
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. |
2020-11-18 |
not yet calculated |
CVE-2020-3367
CISCO |
cisco — dna_spaces_connector
|
A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application impacting the integrity or availability of the web-based management application. |
2020-11-18 |
not yet calculated |
CVE-2020-3586
CISCO |
cisco — expressway
|
A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access. |
2020-11-18 |
not yet calculated |
CVE-2020-3482
CISCO |
cisco — integrated_management_controller
|
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS). |
2020-11-18 |
not yet calculated |
CVE-2020-3470
CISCO |
cisco — iot_field_network_director |
A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system. |
2020-11-18 |
not yet calculated |
CVE-2020-26080
CISCO |
cisco — iot_field_network_director |
A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. |
2020-11-18 |
not yet calculated |
CVE-2020-26078
CISCO |
cisco — iot_field_network_director
|
Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system. |
2020-11-18 |
not yet calculated |
CVE-2020-26081
CISCO |
cisco — iot_field_network_director
|
A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device. |
2020-11-18 |
not yet calculated |
CVE-2020-26079
CISCO |
cisco — iot_field_network_director
|
A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system. |
2020-11-18 |
not yet calculated |
CVE-2020-26077
CISCO |
cisco — iot_field_network_director
|
A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device. |
2020-11-18 |
not yet calculated |
CVE-2020-26076
CISCO |
cisco — iot_field_network_director
|
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device. |
2020-11-18 |
not yet calculated |
CVE-2020-26075
CISCO |
cisco — iot_field_network_director
|
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. |
2020-11-18 |
not yet calculated |
CVE-2020-26072
CISCO |
cisco — iot_field_network_director
|
A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication. |
2020-11-18 |
not yet calculated |
CVE-2020-3392
CISCO |
cisco — iot_field_network_director
|
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information. |
2020-11-18 |
not yet calculated |
CVE-2020-3531
CISCO |
cisco — security_manager
|
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. |
2020-11-17 |
not yet calculated |
CVE-2020-27125
CISCO |
cisco — security_manager
|
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device. |
2020-11-17 |
not yet calculated |
CVE-2020-27130
CISCO |
cisco — security_manager
|
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities. |
2020-11-17 |
not yet calculated |
CVE-2020-27131
CISCO |
cisco — telepresence_ce_software_and_roomos_software
|
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users. |
2020-11-18 |
not yet calculated |
CVE-2020-26068
CISCO |
cisco — webex_meetings
|
A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user. |
2020-11-18 |
not yet calculated |
CVE-2020-27126
CISCO |
cisco — webex_meetings_and_webex_meetings_server
|
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled. |
2020-11-18 |
not yet calculated |
CVE-2020-3471
CISCO |
cisco — webex_meetings_and_webex_meetings_server
|
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby. |
2020-11-18 |
not yet calculated |
CVE-2020-3441
CISCO |
cisco — webex_meetings_server
|
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities. |
2020-11-18 |
not yet calculated |
CVE-2020-3419
CISCO |
citrix — sd-wan_center |
Privilege escalation of an authenticated user to root in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. |
2020-11-16 |
not yet calculated |
CVE-2020-8273
MISC |
citrix — sd-wan_center
|
Authentication bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. |
2020-11-16 |
not yet calculated |
CVE-2020-8272
MISC |
citrix — sd-wan_center
|
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. |
2020-11-16 |
not yet calculated |
CVE-2020-8271
MISC |
citrix — virtual_apps_and_desktop
|
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. |
2020-11-16 |
not yet calculated |
CVE-2020-8269
MISC |
citrix — virtual_apps_and_desktop
|
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342. |
2020-11-16 |
not yet calculated |
CVE-2020-8270
MISC |
controlled-merge — controlled-merge
|
Prototype pollution vulnerability in ‘controlled-merge’ versions 1.0.0 through 1.2.0 allows an attacker to cause a denial of service and may lead to remote code execution. |
2020-11-15 |
not yet calculated |
CVE-2020-28268
MISC
MISC |
cxuucms — cxuucms
|
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data through the keywords parameter of search.php. |
2020-11-18 |
not yet calculated |
CVE-2020-28091
MISC
CONFIRM |
doc-path — doc-path
|
This affects the package doc-path before 2.1.2. |
2020-11-15 |
not yet calculated |
CVE-2020-7772
CONFIRM
CONFIRM
CONFIRM |
drupal — drupal
|
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74. |
2020-11-20 |
not yet calculated |
CVE-2020-13671
CONFIRM |
endress+hauser — ecograph_t
|
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic “tokens”. The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on. |
2020-11-19 |
not yet calculated |
CVE-2020-12495
CONFIRM |
endress+hauser — ecograph_t_and_memograph_m
|
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to the server, which makes repeating requests and analysis complex enough. Nevertheless, it’s possible, and during the analysis it was discovered that it also has an issue with the access-control matrix on the server side. It was found that a user with low rights can get information from endpoints that should not be available to this user. |
2020-11-19 |
not yet calculated |
CVE-2020-12496
CONFIRM |
fastadmin — fastadmin
|
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. |
2020-11-17 |
not yet calculated |
CVE-2020-21665
MISC |
firebase — util
|
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on whether user input is provided, an attacker can overwrite and pollute the object prototype of a program. |
2020-11-16 |
not yet calculated |
CVE-2020-7765
CONFIRM
CONFIRM
CONFIRM |
garmin — forerunner_235 |
Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This is a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. |
2020-11-16 |
not yet calculated |
CVE-2020-27484
MISC |
garmin — forerunner_235
|
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. A successful exploit could use the vulnerability to leak runtime information such as the heap handle or pointer for a number of TVM context variables. Some reachable values may be controlled enough to forge a TVM object on the stack, leading to possible remote code execution. |
2020-11-16 |
not yet calculated |
CVE-2020-27483
MISC |
garmin — forerunner_235
|
Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. |
2020-11-16 |
not yet calculated |
CVE-2020-27486
MISC |
garmin — forerunner_235
|
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation. It can be leveraged to construct a use-after-free scenario, leading to a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. |
2020-11-16 |
not yet calculated |
CVE-2020-27485
MISC |
genexis — platinum_4410_router
|
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action ‘X_GetAccess’ which leaks the credentials of ‘admin’, provided that the attacker is network adjacent. |
2020-11-17 |
not yet calculated |
CVE-2020-25988
MISC
MISC
MISC
MISC |
gila — gila_cms
|
In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function to execute PHP files. |
2020-11-16 |
not yet calculated |
CVE-2020-28692
MISC |
gitlab — ce/ee
|
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. |
2020-11-17 |
not yet calculated |
CVE-2020-26405
CONFIRM
MISC
MISC |
gitlab — ce/ee |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal in LFS Upload allows an attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. |
2020-11-19 |
not yet calculated |
CVE-2020-13355
CONFIRM
MISC
MISC |
gitlab — ce/ee
|
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who’s able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9. |
2020-11-17 |
not yet calculated |
CVE-2020-13350
CONFIRM
MISC
MISC |
gitlab — ce/ee
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. |
2020-11-19 |
not yet calculated |
CVE-2020-13356
CONFIRM
MISC
MISC |
gitlab — ce/ee
|
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2. |
2020-11-17 |
not yet calculated |
CVE-2020-13358
CONFIRM
MISC |
gitlab — ce/ee
|
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. |
2020-11-19 |
not yet calculated |
CVE-2020-13359
CONFIRM
MISC |
gitlab — ce/ee
|
A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9. |
2020-11-17 |
not yet calculated |
CVE-2020-13354
CONFIRM
MISC
MISC |
gitlab — ce/ee
|
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. |
2020-11-17 |
not yet calculated |
CVE-2020-13351
CONFIRM
MISC
MISC |
gitlab — ce/ee
|
Private group info is leaked in GitLab CE/EE version 10.2 and above when the project is moved from a private to a public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. |
2020-11-17 |
not yet calculated |
CVE-2020-13352
CONFIRM
MISC
MISC |
gitlab — ee
|
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path left the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. |
2020-11-17 |
not yet calculated |
CVE-2020-13349
CONFIRM
MISC |
gitlab — ee
|
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. |
2020-11-17 |
not yet calculated |
CVE-2020-13348
CONFIRM
MISC |
gitlab — ee
|
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. |
2020-11-17 |
not yet calculated |
CVE-2020-26406
CONFIRM
MISC
MISC |
gitlab — gitaly
|
When importing repos via URL, one-time-use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. |
2020-11-17 |
not yet calculated |
CVE-2020-13353
CONFIRM
MISC |
hcl — domino
|
HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. |
2020-11-21 |
not yet calculated |
CVE-2020-14234
CONFIRM |
hcl — domino
|
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. |
2020-11-21 |
not yet calculated |
CVE-2020-14230
CONFIRM |
hcl — notes
|
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected. |
2020-11-21 |
not yet calculated |
CVE-2020-14258
CONFIRM |
horizontcms — horizontcms |
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> |
2020-11-16 |
not yet calculated |
CVE-2020-28693
MISC
MISC |
ibm — business_automation_workflow
|
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. |
2020-11-16 |
not yet calculated |
CVE-2020-4672
XF
CONFIRM |
ibm — db2
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. |
2020-11-19 |
not yet calculated |
CVE-2020-4701
XF
CONFIRM |
ibm — db2_accessories_suite
|
IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149. |
2020-11-20 |
not yet calculated |
CVE-2020-4739
XF
CONFIRM |
ibm — jazz_reporting_service
|
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731. |
2020-11-19 |
not yet calculated |
CVE-2020-4718
XF
CONFIRM |
ibm — mq_appliance
|
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. |
2020-11-18 |
not yet calculated |
CVE-2020-4592
XF
CONFIRM |
ibm — power9
|
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. |
2020-11-20 |
not yet calculated |
CVE-2020-4788
MLIST
MLIST
XF
CONFIRM |
ibm — sterling_b2b_integrator_standard_edition
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780. |
2020-11-16 |
not yet calculated |
CVE-2020-4692
XF
CONFIRM |
ibm — sterling_b2b_integrator_standard_edition
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077. |
2020-11-16 |
not yet calculated |
CVE-2020-4700
XF
CONFIRM |
ibm — sterling_b2b_integrator_standard_edition
|
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083. |
2020-11-16 |
not yet calculated |
CVE-2020-4566
XF
CONFIRM |
ibm — sterling_b2b_integrator_standard_edition
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091. |
2020-11-16 |
not yet calculated |
CVE-2020-4655
XF
CONFIRM |
ibm — sterling_b2b_integrator_standard_edition
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190. |
2020-11-16 |
not yet calculated |
CVE-2020-4705
XF
CONFIRM |
ibm — sterling_b2b_integrator_standard_edition
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 186284. |
2020-11-16 |
not yet calculated |
CVE-2020-4671
XF
CONFIRM |
ibm — sterling_b2b_integrator_standard_edition
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. |
2020-11-16 |
not yet calculated |
CVE-2020-4475
XF
CONFIRM |
ibm — sterling_b2b_integrator_standard_edition
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. |
2020-11-20 |
not yet calculated |
CVE-2020-4937
XF
CONFIRM |
ibm — sterling_file_gateway
|
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897. |
2020-11-16 |
not yet calculated |
CVE-2020-4763
XF
CONFIRM |
ibm — sterling_file_gateway
|
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
2020-11-16 |
not yet calculated |
CVE-2020-4647
XF
CONFIRM |
ibm — sterling_file_gateway
|
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. |
2020-11-16 |
not yet calculated |
CVE-2020-4476
XF
CONFIRM |
ibm — sterling_file_gateway
|
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280. |
2020-11-16 |
not yet calculated |
CVE-2020-4665
XF
CONFIRM |
imagemagick — imagemagick
|
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. |
2020-11-20 |
not yet calculated |
CVE-2020-19667
MISC |
infinitewp — admin_panel
|
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. |
2020-11-16 |
not yet calculated |
CVE-2020-28642
MISC |
influxdata — influxdb
|
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). |
2020-11-19 |
not yet calculated |
CVE-2019-20933
MISC
MISC
MISC |
ivanti — endpoint_manager
|
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx. |
2020-11-16 |
not yet calculated |
CVE-2020-13773
MISC
MISC |
jamodat — tsmmanager_collector
|
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component does not properly validate an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances’ consoles, accessing hardware configurations, etc. Exploiting this vulnerability won’t grant an attacker access to or control of remote ISP servers, as no credentials are sent with the request. |
2020-11-19 |
not yet calculated |
CVE-2020-28054
MISC
MISC
MISC |
jetbrains — ideavim |
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. |
2020-11-16 |
not yet calculated |
CVE-2020-27623
MISC
CONFIRM |
jetbrains — intellij_idea
|
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. |
2020-11-16 |
not yet calculated |
CVE-2020-27622
MISC
CONFIRM |
jetbrains — ktor
|
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. |
2020-11-16 |
not yet calculated |
CVE-2020-26129
MISC
CONFIRM |
jetbrains — teamcity
|
In JetBrains TeamCity before 2020.1.5, secure dependency parameters might not be masked in depending builds when there are no internal artifacts. |
2020-11-16 |
not yet calculated |
CVE-2020-27629
MISC
CONFIRM |
jetbrains — teamcity
|
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. |
2020-11-16 |
not yet calculated |
CVE-2020-27627
MISC
CONFIRM |
jetbrains — teamcity
|
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. |
2020-11-16 |
not yet calculated |
CVE-2020-27628
MISC
CONFIRM |
jupyter — notebook
|
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. |
2020-11-18 |
not yet calculated |
CVE-2020-26215
MISC
CONFIRM |
kaa — iot_platform
|
Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter. |
2020-11-17 |
not yet calculated |
CVE-2020-26701
MISC |
kamailio — kamailio
|
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow a skilled attacker with a valid credential in the system to disrupt internal call start/duration accounting mechanisms, potentially leading to a loss of revenue. |
2020-11-18 |
not yet calculated |
CVE-2020-28361
MISC
MISC |
kata — containers
|
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only. |
2020-11-17 |
not yet calculated |
CVE-2020-28914
MISC
MISC
MISC
MISC
MISC |
kyocera — ecosys_m2640idw_printers
|
The web application of the Kyocera printer (ECOSYS M2640IDW) is affected by a stored XSS vulnerability, discovered in the addition of a new contact in “Machine Address Book”. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. |
2020-11-17 |
not yet calculated |
CVE-2020-25890
MISC |
lemoncms — lemoncms
|
appadmincontrollersysUploads.php in lemocms 1.8.x allows users to upload executable files. |
2020-11-18 |
not yet calculated |
CVE-2020-25406
MISC |
libsixel — libsixel
|
Unverified indexes into the array lead to out-of-bounds access in the gif_out_code function in fromgif.c in libsixel 1.8.6. |
2020-11-20 |
not yet calculated |
CVE-2020-19668
MISC |
libsvm — scikit-learn
|
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. |
2020-11-21 |
not yet calculated |
CVE-2020-28975
MISC
MISC |
libuci — openwrt
|
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c. |
2020-11-19 |
not yet calculated |
CVE-2020-28951
MISC
MISC
MISC |
libvips — libvips
|
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. |
2020-11-20 |
not yet calculated |
CVE-2020-20739
MISC
MISC |
limesurvey — limesurvey
|
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute is being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser. |
2020-11-17 |
not yet calculated |
CVE-2020-25798
MISC
MISC |
linux — linux_kernel
|
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. |
2020-11-20 |
not yet calculated |
CVE-2020-28974
MISC
MISC
MISC |
linux — linux_kernel
|
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. |
2020-11-18 |
not yet calculated |
CVE-2020-28915
MISC
MISC
MISC
MISC
MISC |
linux — linux_kernel
|
A flaw was found in the way the Linux kernel limits ICMP reply packets that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue. |
2020-11-17 |
not yet calculated |
CVE-2020-25705
MISC |
linux — linux_kernel
|
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. |
2020-11-19 |
not yet calculated |
CVE-2020-28941
MLIST
MISC
MISC
MISC
MISC |
lionwiki — lionwiki
|
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
2020-11-16 |
not yet calculated |
CVE-2020-27191
MISC
MISC |
markdown-it-highlightjs — markdown-it-highlightjs
|
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render('console.log(42){.">js}'); console.log(reuslt_xss); |
2020-11-16 |
not yet calculated |
CVE-2020-7773
CONFIRM
CONFIRM
CONFIRM |
melsec — iq-r_series_cpu_modules
|
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from ’05’ to ’19’ and R04/08/16/32/120(EN)CPU Firmware versions from ’35’ to ’51’) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. |
2020-11-16 |
not yet calculated |
CVE-2020-5666
MISC
MISC
MISC
MISC |
melsec — iq-r_series_cpu_modules
|
Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version ’19’ and earlier, R04/08/16/32/120 (EN) CPU firmware version ’51’ and earlier, R08/16/32/120SFCPU firmware version ’22’ and earlier, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions, RJ71EN71 firmware version ’47’ and earlier, RJ71GF11-T2 firmware version ’47’ and earlier, RJ72GF15-T2 firmware version ’07’ and earlier, RJ71GP21-SX firmware version ’47’ and earlier, RJ71GP21S-SX firmware version ’47’ and earlier, RJ71C24 (-R2/R4) all versions, and RJ71GN11-T2 all versions) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the module by a specially crafted SLMP packet |
2020-11-20 |
not yet calculated |
CVE-2020-5668
MISC
MISC
MISC
MISC |
mercedes-benz — hermes
|
An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information. |
2020-11-16 |
not yet calculated |
CVE-2019-19562
MISC
MISC |
mercedes-benz — hermes
|
A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. |
2020-11-16 |
not yet calculated |
CVE-2019-19563
MISC
MISC |
mercedes-benz — hermes
|
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information. |
2020-11-16 |
not yet calculated |
CVE-2019-19556
MISC
MISC |
mercedes-benz — hermes
|
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information. |
2020-11-16 |
not yet calculated |
CVE-2019-19561
MISC
MISC |
mercedes-benz — hermes
|
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. |
2020-11-16 |
not yet calculated |
CVE-2019-19560
MISC
MISC |
mercedes-benz — hermes
|
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. |
2020-11-16 |
not yet calculated |
CVE-2019-19557
MISC
MISC |
micro_focus — arcsight_logger
|
Arbitrary code execution vulnerability in the Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited, resulting in the execution of arbitrary code. |
2020-11-17 |
not yet calculated |
CVE-2020-11851
CONFIRM |
misp — misp
|
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled. |
2020-11-19 |
not yet calculated |
CVE-2020-28947
MISC |
moodle — moodle |
In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. |
2020-11-19 |
not yet calculated |
CVE-2020-25699
MISC
MISC |
moodle — moodle
|
In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10. |
2020-11-19 |
not yet calculated |
CVE-2020-25700
MISC
MISC |
moodle — moodle
|
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. |
2020-11-19 |
not yet calculated |
CVE-2020-25701
MISC
MISC |
moodle — moodle
|
The participants table download in Moodle always included user emails, but should have only done so when users’ emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10. |
2020-11-19 |
not yet calculated |
CVE-2020-25703
MISC
MISC |
moodle — moodle
|
Users’ enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. |
2020-11-19 |
not yet calculated |
CVE-2020-25698
MISC
MISC |
moodle — moodle
|
In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10. |
2020-11-19 |
not yet calculated |
CVE-2020-25702
MISC
MISC |
nagios — nagios_xi
|
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. |
2020-11-16 |
not yet calculated |
CVE-2020-28648
MISC |
netiq — identity_manager
|
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 is affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. |
2020-11-20 |
not yet calculated |
CVE-2020-25839
CONFIRM |
netis — korea_d’live_ap
|
Improper Input validation vulnerability exists in Netis Korea D’live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D’live set-top box AP(WF2429TB) v1.1.10. |
2020-11-20 |
not yet calculated |
CVE-2020-7842
CONFIRM |
netskope — netskope
|
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin’s portal, leading to compromise of the admin’s system. |
2020-11-20 |
not yet calculated |
CVE-2020-28845
MISC |
nextcloud — server
|
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. |
2020-11-16 |
not yet calculated |
CVE-2020-8152
MISC
MISC |
nextcloud — social
|
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. |
2020-11-19 |
not yet calculated |
CVE-2020-8279
MISC
CONFIRM |
nextcloud — social
|
Improper access control in Nextcloud Social app version 0.3.1 allowed reading posts of any user. |
2020-11-19 |
not yet calculated |
CVE-2020-8278
MISC
CONFIRM |
nextcloud — server
|
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. |
2020-11-16 |
not yet calculated |
CVE-2020-8259
MISC
MISC |
node — node.js
|
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. |
2020-11-19 |
not yet calculated |
CVE-2020-8277
MISC
CONFIRM |
oppo_security — com.coloros.codebook
|
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. |
2020-11-19 |
not yet calculated |
CVE-2020-11829
CONFIRM |
oppo_security — com.coloros.codebook
|
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1. |
2020-11-19 |
not yet calculated |
CVE-2020-11831
CONFIRM |
oppo_security — com.coloros.codebook
|
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0. |
2020-11-19 |
not yet calculated |
CVE-2020-11830
CONFIRM |
paradox — ip150
|
The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). |
2020-11-21 |
not yet calculated |
CVE-2020-25189
MISC |
paradox — ip150
|
The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). |
2020-11-21 |
not yet calculated |
CVE-2020-25185
MISC |
pdfresurrect — pdfresurrect
|
In PDFResurrect before 0.20, a lack of header validation checks causes a heap-buffer-overflow in pdf_get_version(). |
2020-11-20 |
not yet calculated |
CVE-2020-20740
MISC
MISC |
pescms — pescms_team
|
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id=
2020-11-17 |
not yet calculated |
CVE-2020-28092
MISC
MISC |
phpgurukul — user_registration_and_login_user_management_system
|
Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. |
2020-11-18 |
not yet calculated |
CVE-2020-24723
MISC
MISC |
phpgurukul — user_registration_and_login_user_management_system
|
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. |
2020-11-16 |
not yet calculated |
CVE-2020-25952
MISC
MISC
MISC |
planet_technology — corp_nvr-915_and_nvr-1615_products
|
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
2020-11-18 |
not yet calculated |
CVE-2020-26097
MISC |
prestashop — prestashop
|
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9. |
2020-11-16 |
not yet calculated |
CVE-2020-26224
MISC
CONFIRM |
prestashop — product_comments
|
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users’ web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0 |
2020-11-16 |
not yet calculated |
CVE-2020-26225
MISC
CONFIRM |
primekey — ejbca
|
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA’s domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA. |
2020-11-19 |
not yet calculated |
CVE-2020-28942
MISC |
pritunl — electron_client
|
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected system with root privileges. |
2020-11-19 |
not yet calculated |
CVE-2020-25989
CONFIRM
MISC |
progress — moveit_transfer
|
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim’s browser (XSS). |
2020-11-17 |
not yet calculated |
CVE-2020-28647
CONFIRM
MISC |
qnap — qts
|
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. |
2020-11-16 |
not yet calculated |
CVE-2020-2490
CONFIRM |
qnap — qts
|
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. |
2020-11-16 |
not yet calculated |
CVE-2020-2492
CONFIRM |
rclone — rclone
|
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time, to the second, at which rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed. |
2020-11-19 |
not yet calculated |
CVE-2020-28924
MISC
MISC |
red_hat — jboss_keycloak
|
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. |
2020-11-17 |
not yet calculated |
CVE-2020-10776
MISC |
red_hat — jboss_keycloak
|
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. |
2020-11-17 |
not yet calculated |
CVE-2020-14389
MISC |
red_hat — xpdf
|
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes a `heap-use-after-free` problem. The code of a previous fix for nested Type 3 characters wasn’t correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. |
2020-11-21 |
not yet calculated |
CVE-2020-25725
CONFIRM
MISC |
reddoxx — maildepot_2033
|
REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message. |
2020-11-18 |
not yet calculated |
CVE-2020-26554
MISC
MISC |
resourcexpress — qubi3_devices
|
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility. |
2020-11-17 |
not yet calculated |
CVE-2020-25746
CONFIRM
MISC |
rsa — archer
|
RSA Archer 6.8 through 6.8.0.3 and 6.9 contain a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application. |
2020-11-18 |
not yet calculated |
CVE-2020-26884
CONFIRM |
schneider_electric — easergy_t300
|
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. |
2020-11-19 |
not yet calculated |
CVE-2020-7561
MISC |
schneider_electric — ecostruxure_building_operation_enterprise_server
|
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 – V3.1 and Enterprise Central installer V2.0 – V3.1 that could allow any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central are always installed at a location requiring Administrator privileges, so the vulnerability is only valid if the application has been installed in a non-secure location. |
2020-11-19 |
not yet calculated |
CVE-2020-28209
MISC |
schneider_electric — ecostruxure_building_operation_webreports |
A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow an authenticated remote user to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, or server-side request forgery due to improper configuration of the XML parser. |
2020-11-19 |
not yet calculated |
CVE-2020-7572
MISC |
schneider_electric — ecostruxure_building_operation_webreports
|
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow an authenticated remote user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users. |
2020-11-19 |
not yet calculated |
CVE-2020-7570
MISC |
schneider_electric — ecostruxure_building_operation_webreports
|
A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow an authenticated remote user to upload arbitrary files due to incorrect verification of user-supplied files and achieve remote code execution. |
2020-11-19 |
not yet calculated |
CVE-2020-7569
MISC |
schneider_electric — ecostruxure_building_operation_webreports
|
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users. |
2020-11-19 |
not yet calculated |
CVE-2020-7571
MISC |
schneider_electric — ecostruxure_building_operation_webreports
|
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 – V3.1 that could allow a remote attacker to access restricted web resources due to improper access control. |
2020-11-19 |
not yet calculated |
CVE-2020-7573
MISC |
schneider_electric — ecostruxure_building_operation_webstation
|
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 – V3.1 that could allow an attacker to inject HTML and JavaScript code into the user’s browser. |
2020-11-19 |
not yet calculated |
CVE-2020-28210
MISC |
schneider_electric — ecostruxure_control_expert |
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. |
2020-11-19 |
not yet calculated |
CVE-2020-28213
MISC |
schneider_electric — ecostruxure_control_expert
|
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus. |
2020-11-19 |
not yet calculated |
CVE-2020-28212
MISC |
schneider_electric — ecostruxure_control_expert
|
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger. |
2020-11-19 |
not yet calculated |
CVE-2020-28211
MISC |
schneider_electric — ecostruxure_control_expert
|
A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus. |
2020-11-19 |
not yet calculated |
CVE-2020-7559
MISC |
schneider_electric — ecostruxure_operator_terminal_expert
|
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxure™ Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxure™ Operator Terminal Expert. |
2020-11-19 |
not yet calculated |
CVE-2020-7544
MISC |
schneider_electric — igss_definition
|
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. |
2020-11-19 |
not yet calculated |
CVE-2020-7556
MISC |
schneider_electric — igss_definition
|
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. |
2020-11-19 |
not yet calculated |
CVE-2020-7558
MISC |
schneider_electric — igss_definition
|
A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. |
2020-11-19 |
not yet calculated |
CVE-2020-7557
MISC |
schneider_electric — igss_definition
|
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. |
2020-11-19 |
not yet calculated |
CVE-2020-7555
MISC |
schneider_electric — igss_definition
|
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. |
2020-11-19 |
not yet calculated |
CVE-2020-7550
MISC |
schneider_electric — igss_definition
|
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. |
2020-11-19 |
not yet calculated |
CVE-2020-7551
MISC |
schneider_electric — igss_definition
|
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. |
2020-11-19 |
not yet calculated |
CVE-2020-7552
MISC |
schneider_electric — igss_definition
|
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. |
2020-11-19 |
not yet calculated |
CVE-2020-7554
MISC |
schneider_electric — igss_definition
|
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. |
2020-11-19 |
not yet calculated |
CVE-2020-7553
MISC |
schneider_electric — modicon_m221 |
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller and broken the encryption keys. |
2020-11-19 |
not yet calculated |
CVE-2020-7567
MISC |
schneider_electric — modicon_m221
|
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. |
2020-11-19 |
not yet calculated |
CVE-2020-7566
MISC |
schneider_electric — modicon_m221
|
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. |
2020-11-19 |
not yet calculated |
CVE-2020-7565
MISC |
schneider_electric — modicon_m221
|
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non-sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller. |
2020-11-19 |
not yet calculated |
CVE-2020-7568
MISC |
schneider_electric — multiple_products |
A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP. |
2020-11-18 |
not yet calculated |
CVE-2020-7564
MISC |
schneider_electric — multiple_products
|
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP. |
2020-11-18 |
not yet calculated |
CVE-2020-7562
MISC |
schneider_electric — multiple_products
|
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. |
2020-11-18 |
not yet calculated |
CVE-2020-7563
MISC |
schneider_electric — plc_simulator_on_ecostruxure_control_expert
|
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus. |
2020-11-19 |
not yet calculated |
CVE-2020-7538
MISC |
scratchverifier — scratchverifier
|
In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else’s account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and is given the same verification code. 3. User comments code as part of their normal login. 4. Before user can, attacker completes the login process now that the code is commented. 5. User gets a failed login and attacker now has control of the account. Since commit a603769 starting a login twice will generate different verification codes, causing both user and attacker login to fail. For clients that rely on a clone of ScratchVerifier not hosted by the developers, their users may attempt to finish the login process as soon as possible after commenting the code. There is no reliable way for the attacker to know before the user can finish the process that the user has commented the code, so this vulnerability only really affects those who comment the code and then take several seconds before finishing the login. |
2020-11-20 |
not yet calculated |
CVE-2020-26236
MISC
CONFIRM |
semantic-release — semantic-release
|
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3. |
2020-11-18 |
not yet calculated |
CVE-2020-26226
MISC
CONFIRM |
sensormatics_electronics — american_dynamics_victor_web_client_and_software_house_c.cure_web_client
|
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack. |
2020-11-19 |
not yet calculated |
CVE-2020-9049
CERT
CONFIRM |
sokrates — sowa
|
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter. |
2020-11-19 |
not yet calculated |
CVE-2020-28350
MISC |
sourcecodester — gym_management_system
|
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields ‘Package Name’ and ‘Description’. |
2020-11-17 |
not yet calculated |
CVE-2020-28129
MISC
MISC |
sourcecodester — online_clothing_store
|
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. |
2020-11-17 |
not yet calculated |
CVE-2020-28138
MISC
MISC |
sourcecodester — online_clothing_store
|
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. |
2020-11-17 |
not yet calculated |
CVE-2020-28140
MISC
MISC |
sourcecodester — online_clothing_store
|
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via an Offer Detail field in offer.php. |
2020-11-17 |
not yet calculated |
CVE-2020-28139
MISC
MISC |
sourcecodester — online_library_management_system
|
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). |
2020-11-17 |
not yet calculated |
CVE-2020-28130
MISC
MISC |
sourcecodester — simple_grocery_store_sales_and_inventory_system
|
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php. |
2020-11-17 |
not yet calculated |
CVE-2020-28133
MISC
MISC |
sourcecodester — tourism_management_system
|
An Arbitrary File Upload discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page. |
2020-11-17 |
not yet calculated |
CVE-2020-28136
MISC
MISC |
sourcecodester — water_billing_system
|
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. |
2020-11-17 |
not yet calculated |
CVE-2020-28183
MISC
MISC
MISC |
suitecrm — suitecrm |
SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. |
2020-11-18 |
not yet calculated |
CVE-2020-15300
MISC |
suitecrm — suitecrm
|
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation. |
2020-11-18 |
not yet calculated |
CVE-2020-15301
MISC |
symantec — endpoint_detection_and_response
|
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. |
2020-11-18 |
not yet calculated |
CVE-2020-12593
CONFIRM |
taskcafe — project_management_tool
|
Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allow remote attackers to access sensitive data such as access token. |
2020-11-17 |
not yet calculated |
CVE-2020-25400
MISC |
tenable — tp-link_archer
|
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. |
2020-11-21 |
not yet calculated |
CVE-2020-5797
MISC |
tobesoft — xplatform
|
Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string begins with http://, https://, mailto:// |
2020-11-17 |
not yet calculated |
CVE-2020-7841
MISC |
tp-link — multiple_devices
|
Buffer overflow in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. |
2020-11-20 |
not yet calculated |
CVE-2020-28877
MISC |
tp-link — tl-wpa4220_devices
|
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023 |
2020-11-18 |
not yet calculated |
CVE-2020-24297
MISC
MISC |
tp-link — tl-wpa4220_devices
|
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 |
2020-11-18 |
not yet calculated |
CVE-2020-28005
MISC
MISC |
trend_micro — apex_one
|
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. |
2020-11-18 |
not yet calculated |
CVE-2020-28572
MISC |
trend_micro — interscan_web_security_virtual_appliance |
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. |
2020-11-18 |
not yet calculated |
CVE-2020-28581
MISC
MISC |
trend_micro — interscan_web_security_virtual_appliance
|
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. |
2020-11-18 |
not yet calculated |
CVE-2020-28578
MISC
MISC |
trend_micro — interscan_web_security_virtual_appliance
|
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. |
2020-11-18 |
not yet calculated |
CVE-2020-28579
MISC
MISC |
trend_micro — interscan_web_security_virtual_appliance
|
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. |
2020-11-18 |
not yet calculated |
CVE-2020-28580
MISC
MISC |
trend_micro — security_2020 |
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. |
2020-11-18 |
not yet calculated |
CVE-2020-27697
MISC |
trend_micro — security_2020
|
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. |
2020-11-18 |
not yet calculated |
CVE-2020-27695
MISC |
trend_micro — security_2020
|
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. |
2020-11-18 |
not yet calculated |
CVE-2020-27696
MISC |
trend_micro — worry-free_business_security
|
An unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product’s management console. |
2020-11-18 |
not yet calculated |
CVE-2020-28574
MISC
MISC |
trusted_computing_group — trusted_platform_module_library_family
|
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack. |
2020-11-18 |
not yet calculated |
CVE-2020-26933
MISC
CONFIRM |
typo3 — typo3
|
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved. |
2020-11-18 |
not yet calculated |
CVE-2020-28917
MISC |
typo3 — fluid
|
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, TagBuilder would not escape the keys. 2. ViewHelpers which used the CompileWithContentArgumentAndRenderStatic trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. 3. Subclasses of AbstractConditionViewHelper would receive the then and else arguments in unescaped format. Update to versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 or 2.6.10 of this typo3fluid/fluid package that fix the problem described. More details are available in the linked advisory. |
2020-11-17 |
not yet calculated |
CVE-2020-26216
MISC
CONFIRM
MISC |
valve — game_networking_sockets
|
Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution. |
2020-11-18 |
not yet calculated |
CVE-2020-6016
MISC |
vmware — esxi
|
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004). |
2020-11-20 |
not yet calculated |
CVE-2020-4005
CONFIRM |
vmware — multiple_products
|
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. |
2020-11-20 |
not yet calculated |
CVE-2020-4004
CONFIRM |
volkswagen — discover_media_infotainment_system
|
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root. |
2020-11-16 |
not yet calculated |
CVE-2020-28656
MISC |
werkzeug — werkzeug
|
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. |
2020-11-18 |
not yet calculated |
CVE-2020-28724
MISC
MISC
MISC |
western_digital — inand_devices
|
Western Digital iNAND devices through 2020-06-03 allow Authentication Bypass via a capture-replay attack. |
2020-11-18 |
not yet calculated |
CVE-2020-13799
MISC
CONFIRM |
wordpress — wordpress
|
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. |
2020-11-16 |
not yet calculated |
CVE-2020-28650
MISC |
wordpress — wordpress
|
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. |
2020-11-16 |
not yet calculated |
CVE-2020-28649
MISC
MISC |
xstream — xstream
|
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream’s Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. |
2020-11-16 |
not yet calculated |
CVE-2020-26217
CONFIRM
CONFIRM
CONFIRM |
y18n — y18n
|
This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true |
2020-11-17 |
not yet calculated |
CVE-2020-7774
MISC
MISC
MISC
MISC |
yzmcms — yzmcms
|
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability. |
2020-11-19 |
not yet calculated |
CVE-2020-22394
MISC |
zte — multiple_devices
|
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The web service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper with parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2. |
2020-11-19 |
not yet calculated |
CVE-2020-6879
MISC |