Empowering—Joe Camp’s path from no-code to Microsoft Power Platform advocate

by Contributed | Dec 7, 2020 | Technology

This article is contributed. See the original author and article here.

This is the second of a three-part series on the ways that Microsoft Power Platform empowers people with no coding experience to upskill and quickly learn how to create apps to solve business problems or problems they’ve identified in their local communities. The first post, based on an interview with Gomolemo Mohapi, focused on the young South African student’s path to becoming an IT teacher, app maker, and Microsoft Student Ambassador and cloud advocate experienced in Microsoft Power Platform. The third post, based on a conversation with Dona Sarkar, Advocate Lead – Microsoft Power Platform, tells the story of Sarkar’s meeting Mohapi and inviting him to become a member of her team. Today’s post is based on an interview with Joe Camp, Microsoft Power Platform Advocacy team member and one of Mohapi’s current colleagues. To hear Mohapi, Sarkar, and Camp talk about their experience with Microsoft Power Platform, listen to this Digital Lifestyle podcast.

In July 2020, when Joe Camp joined the Microsoft Power Platform/Power Apps Advocacy team led by Dona Sarkar, he and Gomolemo Mohapi became colleagues. Camp is the lead advocate for career switches to Microsoft Power Platform, and Mohapi is the lead advocate for students and emerging markets. They first met just over a year earlier, at the Microsoft Build Conference in Seattle in 2019, when Camp was still on the Windows Insider team and Mohapi hadn’t yet been hired by Microsoft. Mohapi had been invited to speak at Build and to help launch the project he had worked on with Sarkar, #InsiderUp. Although Sarkar was the one who invited Mohapi and guided him through the conference, it was Camp who helped arrange all his travel from South Africa to Seattle, including visas, lodging, meals, and transportation in Seattle, and who was on call to help him with any logistical issues that arose during the conference. “Now, just a year later,” Camp says with a smile, “we’re colleagues.”

It was Sarkar who was the catalyst for their meeting and becoming colleagues. She had met Mohapi during Microsoft Ignite The Tour in Johannesburg in 2019, when she was head of the Windows Insider Program. She’d been “blown away” by Mohapi, especially by that fact that he had taught himself Microsoft Azure and Microsoft Power Platform using the resources on Microsoft Learn and had created content to help his student peers learn this tech, too. So she invited the young South African and a few others she had met at conferences to the 2019 Build conference in Seattle to help her launch a new program and meet other Microsoft executives. “This shows,” Camp emphasizes, “why it’s so important to get out and meet people.” By staying inside a tech or corporate or even location bubble, and not engaging with people in different contexts, many opportunities are missed. In Empowering—Gomolemo Mohapi’s journey from student to Microsoft Power Platform advocate, the first post in this series, you can read the story of how Mohapi made the journey from attending Microsoft Ignite The Tour in Johannesburg to speaking at Build in Seattle to being hired on the Microsoft Power Platform Advocacy team and becoming Camp’s colleague.

Cloud advocates who continue their learning by learning from each other

As colleagues, Camp and Mohapi are frequently in contact. They have regular contact in team meetings, of course, but their work relationship extends far beyond that. “We’re a generation apart,” Camp says, “but we’re peers. He’s one of the most mature people I’ve ever met—at any age. When I first met him at Build and heard that he had developed learning guides to help his fellow college students grasp difficult material, I was blown away. I certainly wasn’t that focused at that age or in college.” Add to that, Camp says, Mohapi is humble. “He always gives credit to other people first, instead of calling attention to himself.”

Working with Mohapi on the Microsoft Power Platform Advocacy team these past months, Camp has also had the opportunity to observe his teaching close up. “He’s one of the best presenters I’ve ever seen—though I know speaking in public hasn’t always been easy for him. He’s always thoroughly prepared, he’s concise, and he’s engaging. Most important, his content is always easily digestible. It flows naturally.” Recently they both gave presentations at Start. Dev. Change., a virtual event for beginners looking to learn new development skills. Camp led a “First Power Apps” session (1:38:25) and Mohapi a “Power Apps from Scratch” session (2:08:38). Afterward, they had a sync to talk through their presentations and see what they could learn from one another about how to present the material better.

“He teaches me stuff all the stinking time,” Camp says. “He helps me to think technically. As someone without a technical background, I especially appreciate his teaching me this mindset: think through things structurally, in terms of a system, and thinking out of the box, and then marrying the two. For example, with the Power Apps tool, you think things through as a developer and also in terms of the user experience, a kind of right brain/left brain experience.” Camp and Mohapi are currently working together, with other team members, on an “Intro to Power Apps” course for Udacity, the online learning website with a focus on career switching.

Camp’s journey from no-code to citizen developer

Camp and Mohapi may be a generation apart and come from very different backgrounds, but before their journeys overlapped, they had both found their way to Microsoft Power Platform from very different experiences with coding experiences. And just as Mohapi’s journey from being an Azure developer to creating apps with Microsoft Power Platform and helping teach others to do that is an asset, so is Camp’s journey from non-coder to Microsoft Power Platform app maker. Camp’s journey shows that anyone can learn how to build apps with low-code techniques to simplify, automate, and transform business tasks and processes. You can start your upskilling journey by exploring the Microsoft Power Platform app maker training and certification on Microsoft Learn.

Though reluctant to focus on himself, Camp has a story of becoming a cloud advocate that’s also inspiring. He spent years in the financial services industry, where his work consisted primarily of “playing with Excel spreadsheets.” When his position at a Washington-based bank was eliminated, and the banking industry was consolidating, so there was less of a need for his type of expertise, he saw it as an opportunity to look for a different kind of work in the Seattle area. He landed as a vendor working in the Microsoft Most Valuable Professional (MVP) program, an outreach program to identify non-Microsoft employees who provide support, advocacy, and feedback from the community back into Microsoft programs. Eventually, he was hired full time in that program, due to his strong passion for building and nurturing communities. His role at the time was to help identify community influencers (potential MVPs) who were providing support for all the Office apps, SharePoint, and Exchange and were nurturing internal- and external-facing relationships.

Pivoting to such a different role wasn’t easy. To go from working with spreadsheets to nurturing internal- and customer-facing relationships, he had to develop an entirely new skill set. Two important skills, he says, helped him make this transition. First, being willing to learn new software he hadn’t even been aware of before. And second, accepting the challenge to build out customer relations skills, so-called soft skills, so he could nurture effective working relationships—both internally and externally—to help everyone “play nice in the sandbox,” as he says, which sometimes works and sometimes doesn’t. One challenge, for example, was building trust in relationships, so product teams would be willing to share information with the MVP community influencers talking together.

After he met Jeremiah Marble, who was running the Windows Insider Program with Sarkar at that time, Camp was hired on the Windows Insider team to build a Windows Insider–focused community program, which is where he was when he met Mohapi. Camp’s role on that team was to build out the Windows Insider MVP Program. He was responsible for setting up that program and running it, managing all internal-facing and more than 160 external-facing relationships.

Another prominent part of his new role was being the point person for the Windows Insider Program’s participation in Microsoft first-party events, such as Build, Inspire, Ignite, and Ignite The Tour. It was at those conferences that he got to know Sarkar, who was then the engineering lead for the Windows Insider Program and the public face of the program. He and Sarkar ran a few small customer engagement events in New York City and Boston, together with a couple of other team members. “That’s when I really got to know Dona,” he says, “and we developed a working relationship. During this time, I mentioned that I was interested in learning to code someday.” After Sarkar became the lead of the advocacy team, she hired him on that team to do this and to help others learn to do so, too.

A citizen developer empowering others to make a change

Camp’s role now on the advocacy team is to focus on people like himself who have made or are making a career switch. By sharing his experience—his learning path—he can encourage and empower others. “I still don’t consider myself a technical person,” he says, “but thanks to learning Microsoft Power Platform, I’ve built three or four apps in the last couple of months. Here’s the story I want to put out there: if you’re scared to make a change, or afraid you can’t learn a new technology, don’t be. You can learn these skills—learn how to use these tools and create apps. I fight the imposter syndrome every day, and I’m creating apps. There’s this great tool called Microsoft Power Platform that enables you to leverage the skills you’ve developed using Office apps—Microsoft Excel, Microsoft Word, Microsoft PowerPoint—to build functioning apps that automate your workspace.” If you want to learn to create your own Power Apps, a good place to start is this collection of learning paths on Microsoft Learn.

As his comments indicate, Camp takes his role as cloud advocate seriously. He reaches out on Twitter and LinkedIn to his MVP contacts, Sarkar’s many followers, and hiring managers to share with them what he’s doing, which they can then share with their broader audience and their companies. He publishes articles about his developer journey, the first app he created (an inventory management app), how to build your first app, how to set up your own test environment, and reasons to inspire others to upskill as a citizen developer, however he can, to let people know how empowering this is and to inspire them to make a change they might think they’re not ready for or capable of. The opportunities and rewards are great, he says. PricewaterhouseCoopers recently posted 160 jobs focused on Microsoft Power Platform. Right now, the Jobs board on LinkedIn lists over 11,000 jobs around the world that include Microsoft Power Platform in the job description—and that number is getting bigger.

Camp is proof that creating apps is not just for technically trained developers. It’s in reach, even for people who have no experience coding and who may not consider themselves “technical people.” With a desire to learn, the courage to change, and a tool like Microsoft Power Platform, the opportunity to become a citizen developer, as Camp calls himself, or a community developer, as Mohapi calls himself, is there. All you have to do to start your journey, from wherever you are, is take the first step. Check out the Microsoft Power Platform app maker training and certification on Microsoft Learn and explore the possibilities for you. And check out the new Microsoft Power Platform course at aka.ms/UdacityPower.

Hawking in a winter wonderland

by Scott Muniz | Dec 7, 2020 | Security

This article was originally posted by the FTC. See the original article here.

On this 2nd day of Consumer Protection, it’s all about online shopping. Because that’s what we can do this year, right? (OK, it’s a lot of what we do any year.)

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

The Beginner’s Series to Blockchain

by Contributed | Dec 7, 2020 | Technology

This article is contributed. See the original author and article here.

Beginner’s Series to Blockchain

Overview

The Beginner’s Series to Blockchain. The goal of this series is to explain and demonstrate the foundations of blockchain principles. Blockchain has been one of the most exciting emerging technologies in the past decade, and will continue to be a significant technology for the next decade to come. This series is for everyone, no matter what your career or academic background is. Experience with some level of programming in a language like C++, Java, or Python would be helpful but is absolutely not required.

What you’ll learn about in this series

History of blockchain
Evolution of cryptocurrency
Blockchain nodes
Mining
Consensus algorithms
Blockchain use cases
Bitcoin
Ethereum
Solidity
Smart contracts
OpenZeppelin
Azure Solutions

Next steps

If you want to follow along with the course, you can try out the demos on your own with the contract example in this repository microsoft/beginners-series-blockchain: Beginner’s Series to Blockchain (github.com), and the resources shared below.

Helpful resources

To continue your learning, you can refer to the following resources:

Microsoft specific

External resources

Vulnerability Summary for the Week of November 30, 2020

by Scott Muniz | Dec 7, 2020 | Security, Technology

This article is contributed. See the original author and article here.

Original release date: December 7, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
74cms — 74cms	PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.	2020-12-02	7.5	CVE-2020-29279 MISC MISC
bloodx_project — bloodx	SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.	2020-12-02	7.5	CVE-2020-29282 MISC MISC MISC
br-automation — industrial_automation_aprol	An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.	2020-11-27	10	CVE-2019-19875 MISC
br-automation — industrial_automation_aprol	An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364.	2020-11-27	7.5	CVE-2019-19872 MISC
br-automation — industrial_automation_aprol	An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.	2020-11-27	7.5	CVE-2019-19876 MISC
br-automation — industrial_automation_aprol	An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364.	2020-11-27	7.5	CVE-2019-19874 MISC
c-blosc2_project — c-blosc2	blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.	2020-11-27	9.3	CVE-2020-29367 MISC MISC
car_rental_management_system_project — car_rental_management_system	An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.	2020-12-02	7.5	CVE-2020-29287 MISC MISC MISC
cloudfoundry — capi-release	CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.	2020-12-02	7.8	CVE-2020-5423 CONFIRM
crux — crux	The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password.	2020-12-02	10	CVE-2020-29389 MISC
edimax — ic-3116w_firmware	A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08.	2020-12-01	7.5	CVE-2020-26762 CONFIRM
fujitsu — eternus_storage_dx200_s4_firmware	An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en is visited from a different web browser.	2020-11-30	10	CVE-2020-29127 MISC MISC MISC MISC
gym_management_system_project — gym_management_system	An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter ‘id’ is vulnerable.	2020-12-02	7.5	CVE-2020-29288 MISC MISC MISC
hcltech — domino	HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system.	2020-12-02	10	CVE-2020-14260 MISC
hcltech — notes	HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.	2020-12-02	7.2	CVE-2020-4102 MISC
hp — edgeline_infrastructure_manager	A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.	2020-12-02	10	CVE-2020-7199 MISC
huawei — fusioncompute	FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation.	2020-12-01	7.2	CVE-2020-9114 MISC
huawei — manageone	ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.	2020-12-01	9	CVE-2020-9115 MISC
ibm — cloud_pak_for_security	IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367.	2020-11-30	9	CVE-2020-4627 XF CONFIRM
linux — linux_kernel	An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.	2020-12-02	9	CVE-2020-14305 MISC MISC MISC
mitsubishielectric — r00cpu_firmware	Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.	2020-11-30	7.8	CVE-2020-16850 MISC MISC
moddable — moddable	Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903.	2020-12-04	7.5	CVE-2020-25462 MISC MISC
multi_restaurant_table_reservation_system_project — multi_restaurant_table_reservation_system	The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.	2020-12-02	7.5	CVE-2020-29284 MISC MISC MISC
online_doctor_appointment_booking_system_php_and_mysql_project — online_doctor_appointment_booking_system_php_and_mysql	An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.	2020-12-02	7.5	CVE-2020-29283 MISC MISC
pcanalyser — pc_analyser	An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges.	2020-11-27	7.2	CVE-2020-28922 MISC MISC MISC
pcanalyser — pc_analyser	An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges.	2020-11-27	7.2	CVE-2020-28921 MISC MISC MISC
point_of_sales_in_php/pdo_project — point_of_sales_in_php/pdo	SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.	2020-12-02	7.5	CVE-2020-29285 MISC MISC MISC
readymedia_project — readymedia	ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.	2020-11-30	7.5	CVE-2020-28926 MISC MISC
synology — safeaccess	SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.	2020-11-30	10	CVE-2020-27660 CONFIRM
systeminformation — systeminformation	npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite().	2020-11-27	7.5	CVE-2020-26245 MISC CONFIRM
ucms_project — ucms	File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.	2020-11-30	10	CVE-2020-25537 MISC MISC
valvesoftware — game_networking_sockets	Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.	2020-12-02	7.5	CVE-2020-6018 MISC
victor_cms_project — victor_cms	The Victor CMS v1.0 application is vulnerable to SQL injection via the ‘search’ parameter on the search.php page.	2020-12-02	7.5	CVE-2020-29280 MISC MISC MISC
vsolcn — v1600d_firmware	An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in “upload tftp syslog” and “upload tftp configuration” in the CLI via a crafted filename.	2020-11-29	10	CVE-2020-29381 MISC
vsolcn — v1600d_firmware	An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password !j@l#y$z%x6x7q8c9z) for the enable command.	2020-11-29	9	CVE-2020-29378 MISC
westerndigital — my_cloud_os_5	An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.	2020-12-01	7.5	CVE-2020-28971 MISC CONFIRM
westerndigital — my_cloud_os_5	An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)	2020-12-01	7.5	CVE-2020-28970 MISC CONFIRM
westerndigital — my_cloud_os_5	On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.	2020-12-01	7.5	CVE-2020-28940 MISC CONFIRM
zeroshell — zeroshell	Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.	2020-11-30	10	CVE-2020-29390 MISC
zte — zxv10_w908_firmware	A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.	2020-12-01	7.5	CVE-2020-6880 MISC

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
advancedsystemcare — advanced_systemcare	There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD)	2020-12-03	4.9	CVE-2020-23738 MISC MISC MISC
advsys — pngout	An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow.	2020-11-30	4.3	CVE-2020-29384 MISC MISC MISC
amoisoft — anyview	In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView, attackers can use a constructed program to cause a computer crash (BSOD).	2020-12-03	4.9	CVE-2020-23741 MISC MISC MISC
antiy — antiy_zhijia_terminal_defense_system	There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD).	2020-12-03	4.9	CVE-2020-23727 MISC MISC MISC
apache — httpclient	Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.	2020-12-02	5	CVE-2020-13956 MISC MLIST MLIST
atlassian — jira	Affected versions of Automation for Jira – Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15.	2020-11-30	5.5	CVE-2020-14193 N/A
atx — minicmts200a_firmware	A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request.	2020-12-01	5	CVE-2020-28993 MISC MISC
bitrix24 — bitrix_framework	An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An “User enumeration and Improper Restriction of Excessive Authentication Attempts” vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group.	2020-12-02	4	CVE-2020-28206 MISC
br-automation — industrial_automation_aprol	An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358.	2020-11-27	5	CVE-2019-19878 MISC
br-automation — industrial_automation_aprol	An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.	2020-11-27	5	CVE-2019-19877 MISC
br-automation — industrial_automation_aprol	An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983.	2020-11-27	5	CVE-2019-19873 MISC
br-automation — industrial_automation_aprol	An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface.	2020-11-27	5	CVE-2019-19869 MISC
canon — mf237w_firmware	An issue was discovered on Canon MF237w 06.07 devices. An “Improper Handling of Length Parameter Inconsistency” issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.	2020-11-30	5	CVE-2020-16849 MISC CONFIRM
canto — canto	The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.	2020-11-30	5	CVE-2020-28977 MISC MISC MISC MISC MISC
canto — canto	The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.	2020-11-30	5	CVE-2020-28978 MISC MISC MISC MISC MISC
canto — canto	The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.	2020-11-30	5	CVE-2020-28976 MISC MISC MISC MISC MISC
clmg — clmg	A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity.	2020-12-03	5.8	CVE-2020-25693 MISC
coremail_xt_project — coremail_xt	jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.	2020-11-27	4.3	CVE-2020-29133 MISC
cpanel — cpanel	In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).	2020-11-27	4	CVE-2020-29136 MISC MISC
cpanel — cpanel	cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).	2020-11-27	4.3	CVE-2020-29137 MISC MISC
ctolog — thinkadmin	ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.	2020-12-01	4.3	CVE-2020-29315 MISC
dadajiasu — dada_accelerator	There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD).	2020-12-03	4.9	CVE-2020-23736 MISC MISC MISC
desknets — neo	Cross-site scripting vulnerability in desknet’s NEO (desknet’s NEO Small License V5.5 R1.5 and earlier, and desknet’s NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.	2020-12-03	4.3	CVE-2020-5638 MISC MISC
dlt-daemon_project — dlt-daemon	A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon 2.8.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in a format argument).	2020-11-30	6.8	CVE-2020-29394 MISC MISC
drivergenius — drivergenius	In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges.	2020-12-03	4.6	CVE-2020-23740 MISC MISC MISC MISC
ec-cube — ec-cube	Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.	2020-12-03	4.3	CVE-2020-5679 MISC MISC
ec-cube — ec-cube	Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.	2020-12-03	5	CVE-2020-5680 MISC MISC
eclipse — jetty	In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.	2020-11-28	4.3	CVE-2020-27218 CONFIRM CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST
elastic — kibana	The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging console link damage. This flaw affects elasticsearch-operator-container versions before 4.7.	2020-12-02	5.8	CVE-2020-27816 MISC
hcltech — domino	HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service.	2020-12-01	5	CVE-2020-4128 MISC
hcltech — hcl_domino	HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.	2020-12-01	5	CVE-2020-4129 MISC
hcltech — hcl_domino	HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user’s system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.	2020-11-30	4.3	CVE-2020-4127 MISC
hcltech — hcl_inotes	HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.	2020-12-01	4.3	CVE-2020-4126 MISC
hibernate — hibernate_orm	A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.	2020-12-02	5.8	CVE-2020-25638 MISC
huawei — fusioncompute	Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.	2020-12-01	6.5	CVE-2020-9116 MISC
huawei — nova_4_firmware	HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution.	2020-12-01	4.6	CVE-2020-9117 MISC
ibm — cloud_pak_for_security	IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789.	2020-11-30	4	CVE-2020-4696 XF CONFIRM
ibm — cloud_pak_for_security	IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362.	2020-11-30	4	CVE-2020-4626 XF CONFIRM
ibm — cloud_pak_for_security	IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information.	2020-11-30	5	CVE-2020-4624 XF CONFIRM
ibm — cloud_pak_for_security	IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.	2020-11-30	5	CVE-2020-4625 XF CONFIRM
jenkins — shelve_project	A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.	2020-12-03	5.8	CVE-2020-2321 MLIST CONFIRM
lenovo — pcmanager	A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.	2020-11-30	4.6	CVE-2020-8351 CONFIRM
libvncserver_project — libvncserver	A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.	2020-11-27	5	CVE-2020-25708 MISC
libxls_project — libxls	An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.	2020-12-02	6.8	CVE-2017-2910 MISC
linux — linux_kernel	An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.	2020-11-28	6.9	CVE-2020-29368 MISC MISC MISC
linux — linux_kernel	An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.	2020-11-28	6.9	CVE-2020-29369 MISC MISC MISC
linux — linux_kernel	An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.	2020-11-28	4.7	CVE-2020-29372 MISC MISC MISC
linux — linux_kernel	An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.	2020-11-28	4.4	CVE-2020-29370 MISC MISC MISC
linux — linux_kernel	An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.	2020-11-28	6.9	CVE-2020-29374 MISC MISC MISC
lxml — lxml	A XSS vulnerability was discovered in python-lxml’s clean module. The module’s parser didn’t properly imitate browsers, which caused different behaviors between the sanitizer and the user’s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.	2020-12-03	4.3	CVE-2020-27783 MISC
moddable — moddable	Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV).	2020-12-04	5	CVE-2020-25461 MISC MISC
moddable — moddable	Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger.	2020-12-04	5	CVE-2020-25464 MISC
moddable — moddable	Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV).	2020-12-04	5	CVE-2020-25465 MISC MISC
moddable — moddable	Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV).	2020-12-04	5	CVE-2020-25463 MISC MISC
myeventon — eventon	The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.	2020-11-30	4.3	CVE-2020-29395 MISC MISC MISC
nlnetlabs — unbound	An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.	2020-11-27	5	CVE-2020-10772 MISC
nodejs — node.js	Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).	2020-12-03	6.4	CVE-2018-21270 MISC MISC MISC
online_voting_system_project — online_voting_system	Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.	2020-12-02	4.3	CVE-2020-29239 MISC
outsystems — outsystems	An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.	2020-11-30	6.4	CVE-2020-29441 MISC
papermerge — papermerge	Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document’s filename. If email consumption is configured in Papermerge, a malicious document can be sent by email and is automatically uploaded into the Papermerge web application. Therefore, no authentication is required to exploit XSS if email consumption is configured. Otherwise authentication is required.	2020-12-02	4.3	CVE-2020-29456 MISC MISC MISC
pbootcms — pbootcms	Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.	2020-11-30	4.3	CVE-2020-17901 MISC
phoenixcontact — btp_2043w_firmware	Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).	2020-12-02	5	CVE-2020-12524 CONFIRM
pimcore — pimcore	Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.	2020-12-03	4	CVE-2020-26246 MISC CONFIRM
pixar — openusd	An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in SdfPath Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.	2020-12-02	4.3	CVE-2020-13498 MISC
pixar — openusd	A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.	2020-12-02	4.3	CVE-2020-13494 MISC
pixar — openusd	An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.	2020-12-02	4.3	CVE-2020-13496 MISC
pixar — openusd	An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.	2020-12-02	4.3	CVE-2020-13497 MISC
pixar — openusd	An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.	2020-12-03	4.3	CVE-2020-13524 MISC
pixar — openusd	A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.	2020-12-02	6.8	CVE-2020-13493 MISC
processmaker — processmaker	The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.	2020-12-03	6.5	CVE-2020-13525 MISC
qemu — qemu	hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.	2020-11-30	6.4	CVE-2020-25624 MISC
quickheal — total_security	Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.	2020-11-30	4.3	CVE-2020-27586 MISC
redhat — cloudforms	This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth.	2020-12-02	6.8	CVE-2020-14369 MISC
sagemcom — f@st_3486_router_firmware	Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.	2020-11-27	5	CVE-2020-29138 MISC
saibo — cyber_game_accelerator	In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges	2020-12-03	4.6	CVE-2020-23735 MISC MISC
samba — samba	A flaw was found in samba’s DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.	2020-12-02	4	CVE-2020-14383 MISC MISC
samba — samba	A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.	2020-12-03	4	CVE-2020-14318 MISC MISC
schedmd — slurm	Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.	2020-11-27	6.8	CVE-2020-27745 MISC
schedmd — slurm	Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.	2020-11-27	4.3	CVE-2020-27746 MISC
schneider-electric — ecostruxure_energy_expert	A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.	2020-12-01	6.5	CVE-2020-7547 MISC
schneider-electric — ecostruxure_energy_expert	A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.	2020-12-01	6.5	CVE-2020-7545 MISC
softwaremill — akka-http-session	This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.	2020-11-27	6.8	CVE-2020-7780 MISC MISC MISC MISC MISC MISC
textpattern — textpattern	Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.	2020-12-02	6.8	CVE-2020-29458 MISC
trendmicro — apex_one	An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.	2020-12-01	5	CVE-2020-28576 MISC MISC MISC
trendmicro — apex_one	An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.	2020-12-01	5	CVE-2020-28573 MISC MISC MISC
trendmicro — apex_one	An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.	2020-12-01	5	CVE-2020-28577 MISC MISC MISC
trendmicro — apex_one	An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.	2020-12-01	5	CVE-2020-28582 MISC MISC MISC
trendmicro — apex_one	An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.	2020-12-01	5	CVE-2020-28583 MISC MISC MISC
trendmicro — serverprotect	A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.	2020-12-01	4.6	CVE-2020-28575 MISC MISC
umbraco — umbraco_cms	Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.	2020-12-02	4	CVE-2020-29454 MISC
vsolcn — v1600d_firmware	An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided.	2020-11-29	5	CVE-2020-29377 MISC
vsolcn — v1600d_firmware	An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.	2020-11-29	4.3	CVE-2020-29380 MISC
vsolcn — v1600d_firmware	An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user.	2020-11-29	4	CVE-2020-29375 MISC
vsolcn — v1600d_firmware	An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service.	2020-11-29	5	CVE-2020-29376 MISC
we-con — plc_editor	WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution.	2020-12-01	6.8	CVE-2020-25177 MISC
we-con — plc_editor	WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution.	2020-12-01	6.8	CVE-2020-25181 MISC
weseek — growi	Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.	2020-12-03	4.3	CVE-2020-5677 MISC MISC MISC
weseek — growi	Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.	2020-12-03	4.3	CVE-2020-5678 MISC MISC MISC
weseek — growi	GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors.	2020-12-03	5	CVE-2020-5676 MISC MISC MISC
wisecleaner — wise_care_365	There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD).	2020-12-03	4.9	CVE-2020-23726 MISC MISC MISC MISC

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
apache — cordova	We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.	2020-12-01	2.1	CVE-2020-11990 JVN MISC
audacityteam — audacity	Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.	2020-11-30	2.1	CVE-2020-11867 MISC MISC
cpanel — cpanel	cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).	2020-11-27	3.5	CVE-2020-29135 MISC MISC
cyberark — endpoint_privilege_manager	CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.	2020-11-27	1.9	CVE-2020-25738 MISC MISC
ericsson — bscs_ix_r18_billing_&_rating_admx	In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins’ browsers by using the beef framework.	2020-11-27	3.5	CVE-2020-29144 MISC
ericsson — bscs_ix_r18_billing_&_rating_admx	In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins’ browsers by using the beef framework.	2020-11-27	3.5	CVE-2020-29145 MISC
ibm — business_automation_workflow	IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.	2020-11-30	2.1	CVE-2020-4900 XF CONFIRM
intelbras — tip200_firmware	Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS.	2020-11-27	3.5	CVE-2020-12262 MISC MISC
lepton-cms — leptoncms	Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.	2020-12-02	3.5	CVE-2020-29240 MISC MISC
linux — linux_kernel	A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.	2020-12-02	1.9	CVE-2020-25656 MISC MISC MISC
linux — linux_kernel	An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.	2020-11-28	2.1	CVE-2020-29373 MISC MISC MISC
linux — linux_kernel	An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.	2020-11-28	2.1	CVE-2020-29371 MISC MISC MISC MISC
linux — linux_kernel	An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.	2020-11-28	1.9	CVE-2019-20934 MISC MISC MISC
lock_password_manager_safe_app_project — lock_password_manager_safe_app	The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a #06# backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by the user.	2020-11-30	2.1	CVE-2020-29392 MISC
netartmedia — news_lister	In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles.	2020-11-30	3.5	CVE-2020-29364 MISC MISC
openclinic_project — openclinic	OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.	2020-12-03	3.5	CVE-2020-28938 MISC
qemu — qemu	hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.	2020-12-04	2.1	CVE-2020-28916 CONFIRM MISC
quickheal — total_security	Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password.	2020-11-30	2.1	CVE-2020-27585 MISC
quickheal — total_security	Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.	2020-11-30	2.1	CVE-2020-27587 MISC
sap — adaptive_server_enterprise	In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions – 15.7, 16.0.	2020-11-30	2.7	CVE-2020-6317 MISC MISC
schneider-electric — ecostruxure_energy_expert	A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.	2020-12-01	3.5	CVE-2020-7546 MISC
solarwinds — help_desk	Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name.	2020-12-01	3.5	CVE-2019-16958 MISC MISC
synology — safeaccess	Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.	2020-11-30	3.5	CVE-2020-27659 CONFIRM
tesla — model_x_firmware	Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.)	2020-11-30	2.1	CVE-2020-29439 MISC
tesla — model_x_firmware	Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob.	2020-11-30	2.1	CVE-2020-29440 MISC
tesla — model_x_firmware	Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip.	2020-11-30	3.3	CVE-2020-29438 MISC
vsolcn — v1600d4l_firmware	An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.	2020-11-29	2.1	CVE-2020-29379 MISC
vsolcn — v1600d4l_firmware	An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images.	2020-11-29	2.1	CVE-2020-29383 MISC
vsolcn — v1600d_firmware	An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.	2020-11-29	2.1	CVE-2020-29382 MISC

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
alfredo_milani_comparetti — speedfan	There is a local privilege escalation vulnerabiliy in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges	2020-12-03	not yet calculated	CVE-2020-28175 MISC MISC MISC
allen-bradley — micrologix_1100_progammable_logic_controller_systems_series	An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.	2020-12-03	not yet calculated	CVE-2020-6111 MISC
apache — tomcat	While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.	2020-12-03	not yet calculated	CVE-2020-17527 MLIST MLIST MLIST MLIST MLIST MISC MLIST MLIST MLIST
appimage — appimaged	AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it.	2020-12-02	not yet calculated	CVE-2020-25266 MISC
appimage — libappimage	AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components.	2020-12-02	not yet calculated	CVE-2020-25265 MISC
arachnys — cabot	Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column.	2020-12-04	not yet calculated	CVE-2020-25449 MISC MISC MISC MISC
check_point — endpoint_security_client	Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges.	2020-12-03	not yet calculated	CVE-2020-6021 MISC
cisco — ibevm	An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability.	2020-12-02	not yet calculated	CVE-2017-14451 MISC
fasterxml — jackson-databind	A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.	2020-12-03	not yet calculated	CVE-2020-25649 MISC MISC MLIST
gni_c_library — glibc	The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.	2020-12-04	not yet calculated	CVE-2020-29562 MISC
gorilla — websocket	An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.	2020-12-02	not yet calculated	CVE-2020-27813 MISC MISC
hashicorp — go-slug	HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks.	2020-12-03	not yet calculated	CVE-2020-29529 MISC MISC
imagemagik — imagemagik	A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	not yet calculated	CVE-2020-27776 MISC
imagemagik — imagemagik	A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	not yet calculated	CVE-2020-27775 MISC
imagemagik — imagemagik	A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	not yet calculated	CVE-2020-27767 MISC
imagemagik — imagemagik	A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.	2020-12-04	not yet calculated	CVE-2020-27766 MISC
imagemagik — imagemagik	A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	not yet calculated	CVE-2020-27765 MISC
imagemagik — imagemagik	In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.	2020-12-03	not yet calculated	CVE-2020-27764 MISC MISC
imagemagik — imagemagik	A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	not yet calculated	CVE-2020-27772 MISC
imagemagik — imagemagik	In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	not yet calculated	CVE-2020-27771 MISC
imagemagik — imagemagik	A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	not yet calculated	CVE-2020-27773 MISC
imagemagik — imagemagik	A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.	2020-12-03	not yet calculated	CVE-2020-27763 MISC
imagemagik — imagemagik	In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.	2020-12-03	not yet calculated	CVE-2020-27759 MISC
imagemagik — imagemagik	In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it’s possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.	2020-12-03	not yet calculated	CVE-2020-27760 MISC
imagemagik — imagemagik	WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.	2020-12-03	not yet calculated	CVE-2020-27761 MISC
imagemagik — imagemagik	A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.	2020-12-03	not yet calculated	CVE-2020-27762 MISC
imagemagik — imagemagik	Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.	2020-12-04	not yet calculated	CVE-2020-27770 MISC
imagemagik — imagemagik	A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.	2020-12-04	not yet calculated	CVE-2020-27774 MISC
infinispan — infinispan	A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.	2020-12-03	not yet calculated	CVE-2020-25711 MISC
jenkins — jenkins	Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.	2020-12-03	not yet calculated	CVE-2020-2323 MLIST CONFIRM
jenkins — jenkins	Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.	2020-12-03	not yet calculated	CVE-2020-2322 MLIST CONFIRM
jenkins — jenkins	Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.	2020-12-03	not yet calculated	CVE-2020-2324 MLIST CONFIRM
jenkins — jenkins	Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.	2020-12-03	not yet calculated	CVE-2020-2320 MLIST CONFIRM
jupyterhub — oauthenticator	OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set. If this is the only mechanism of authorization restriction (i.e. no group or team restrictions in configuration) then all authenticated users will be allowed. Provider-based restrictions, including deprecated values such as `GitHubOAuthenticator.org_whitelist` are not affected. All users of OAuthenticator 0.12.0 and 0.12.1 with JupyterHub 1.2 (JupyterHub Helm chart 0.10.0-0.10.5) who use the `admin.whitelist.users` configuration in the jupyterhub helm chart or the `c.Authenticator.whitelist` configuration directly. Users of other deprecated configuration, e.g. `c.GitHubOAuthenticator.team_whitelist` are not affected. If you see a log line like this and expect a specific list of allowed usernames: “[I 2020-11-27 16:51:54.528 JupyterHub app:1717] Not using allowed_users. Any authenticated user will be allowed.” you are likely affected. Updating oauthenticator to 0.12.2 is recommended. A workaround is to replace the deprecated `c.Authenticator.whitelist = …` with `c.Authenticator.allowed_users = …`. If any users have been authorized during this time who should not have been, they must be deleted via the API or admin interface, per the referenced documentation.	2020-12-01	not yet calculated	CVE-2020-26250 MISC MISC CONFIRM MISC
kaspersky — anti-ransomware_tool	The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.	2020-12-04	not yet calculated	CVE-2020-28950 MISC
kia_motors — head_unit	Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.	2020-12-01	not yet calculated	CVE-2020-8539 MISC MISC
lightbend — play_framework	An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.	2020-12-03	not yet calculated	CVE-2020-28923 MISC CONFIRM
linux — linux_kernel	A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.	2020-12-03	not yet calculated	CVE-2020-14381 MISC MISC
linux — linux_kernel	An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.	2020-12-03	not yet calculated	CVE-2020-29534 MISC MISC MISC
linux — linux_kernel	A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	2020-12-03	not yet calculated	CVE-2020-14351 MISC
linux — linux_kernel	A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.	2020-12-02	not yet calculated	CVE-2020-25704 MISC MISC MISC
logicaldoc — logicaldoc	A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.	2020-12-03	not yet calculated	CVE-2020-13542 MISC
mcafee — total_protection	Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window.	2020-12-01	not yet calculated	CVE-2020-7335 CONFIRM MISC
mitsubishi_electric_corporation — multiple_products	Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD all versions and GS2107-WTBD all versions), and Tension Controller LE7-40GU-L all versions allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.	2020-12-04	not yet calculated	CVE-2020-5675 MISC MISC MISC
netscout — airmagnet_enterprise	NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise.	2020-12-03	not yet calculated	CVE-2020-28251 MISC CONFIRM
openclinic — openclinic	OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient’s medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI.	2020-12-03	not yet calculated	CVE-2020-28937 MISC
openclinic — openclinic	OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.	2020-12-03	not yet calculated	CVE-2020-28939 MISC
opensis — community_edition	OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.	2020-12-04	not yet calculated	CVE-2020-27408 MISC MISC
opensis — community_edition	OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.	2020-12-04	not yet calculated	CVE-2020-27409 MISC MISC MISC
openstack — horizon	An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the “next” parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.	2020-12-04	not yet calculated	CVE-2020-29565 MISC MISC MISC
pixar — openusd	A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.	2020-12-03	not yet calculated	CVE-2020-13531 MISC
poppler — poppler	A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the ‘pdftohtml’ program, would crash the application causing a denial of service.	2020-12-03	not yet calculated	CVE-2020-27778 MISC
prestashop — prestashop	In the PrestaShop module “productcomments” before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.	2020-12-03	not yet calculated	CVE-2020-26248 MISC MISC CONFIRM MISC
python — openid_connect	Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1.	2020-12-02	not yet calculated	CVE-2020-26244 MISC MISC CONFIRM MISC
qemu — qemu	A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.	2020-12-02	not yet calculated	CVE-2020-25723 MISC
qemu — qemu	A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.	2020-12-03	not yet calculated	CVE-2020-14339 MISC
rumkin — keyget	Prototype pollution vulnerability in ‘keyget’ versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.	2020-12-02	not yet calculated	CVE-2020-28272 MISC CONFIRM
rumkin — set-in	Prototype pollution vulnerability in ‘set-in’ versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.	2020-12-02	not yet calculated	CVE-2020-28273 MISC MISC MISC
schneider_electric — multiple_products	A CWE-330 – Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.	2020-12-01	not yet calculated	CVE-2020-7548 MISC
schneider_electric — multiple_products	A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.	2020-12-01	not yet calculated	CVE-2020-7533 MISC
sonicboom — sonicboom	An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a reservation in the case where a load translates successfully but still generates an exception.	2020-12-04	not yet calculated	CVE-2020-29561 MISC
trac_software — webkitgtk	An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.	2020-12-03	not yet calculated	CVE-2020-13584 FEDORA MISC
trac_software — webkitgtk	A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability.	2020-12-03	not yet calculated	CVE-2020-13543 MISC
ubuntu — containerd	containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the “host” network namespace, for example with docker run –net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container’s privilege, regardless of what container runtime is used for running that container.	2020-12-01	not yet calculated	CVE-2020-15257 MISC MISC CONFIRM
ubuntu — pulseaudio	An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.	2020-12-04	not yet calculated	CVE-2020-16123 UBUNTU UBUNTU
ubuntu — snapcraft	In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.	2020-12-04	not yet calculated	CVE-2020-27348 MISC MISC MISC
ubuntu — ubuntu	software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn’t check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92.	2020-12-02	not yet calculated	CVE-2012-0955 UBUNTU UBUNTU
valve — game_networking_sockets	Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.	2020-12-03	not yet calculated	CVE-2020-6017 MISC

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Advisory for Vulnerability in AnyConnect Software

by Scott Muniz | Dec 7, 2020 | Security, Technology

This article is contributed. See the original author and article here.

Original release date: December 7, 2020

Cisco has released a security advisory on an Arbitrary Code Execution vulnerability—CVE-2020-3556—affecting Cisco AnyConnect Secure Mobility Client devices. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates or workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

« Older Entries

Next Entries »

Empowering—Joe Camp’s path from no-code to Microsoft Power Platform advocate

Cloud advocates who continue their learning by learning from each other

Camp’s journey from no-code to citizen developer

A citizen developer empowering others to make a change

Hawking in a winter wonderland

The Beginner’s Series to Blockchain

Beginner’s Series to Blockchain

Overview

What you’ll learn about in this series

Next steps

Helpful resources

Microsoft specific

External resources

Vulnerability Summary for the Week of November 30, 2020

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

Cisco Releases Security Advisory for Vulnerability in AnyConnect Software

Recent Posts

Recent Comments

Archives

Categories

Meta

We look forward to meeting you